VPN connection

CSCO10320953
Level 1

I am able to access remote access VPN. After logging in to the VPN connection, I am unable to access inside the network.

5 Replies

hunnetvl01
Level 1

Post your routing and access-list + NAT

Vlad

Tshi M
Level 5

Is split tunneling enabled on the firewall?

Maybe it's a NAT exemption issue. Maybe you need to add the NAT 0 command...

Hi All,

interface GigabitEthernet0/0
 nameif Outside
 security-level 0
 ip address x.x.x.x 255.255.255.248
interface GigabitEthernet0/1
 description Internet
 nameif Inside
 security-level 100
 ip address x.x.x.x 255.255.255.248
interface Management0/0
 nameif management
 security-level 100
 ip address 10.0.x.x 255.x.x.0
access-list Inside_mpc remark Trafiic for CSC Scan
access-list Inside_mpc extended permit tcp object-group DM_INLINE_NETWORK_1 any eq www
access-list Inside_access_in extended permit ip any any log critical
access-list outacc extended permit icmp any any log critical
access-list outacc extended permit object-group DM_INLINE_SERVICE_6 any any log critical
access-list Inside_mpc_2 extended permit tcp object-group DM_INLINE_NETWORK_2 any eq www
access-list Cisco_splitTunnelAcl standard permit x.x.x.x 255.255.255.248
access-list Inside_nat0_outbound extended permit x.x.x.x 255.255.255.248 x.x.x.0 255.255.255.0
access-list Inside_nat0_outbound extended permit x.x.x.x 255.255.255.248 220.220.220.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip any x.x.x.x 255.255.255.224
access-list Inside_nat0_outbound extended permit ip any x.x.x.x 255.255.255.0
access-list Inside_mpc_3 remark csc
access-list aba_splitTunnelAcl standard permit x.x.x.x 255.255.255.248
access-list management_splitTunnelAcl standard permit x.x.x.x 255.255.252.0
access-list Outside_access_in remark For vpn connection
access-list Outside_access_in extended permit object-group DM_INLINE_SERVICE_7 any any log notifications
ip local pool abavpnpool x.x.x.x-x.x.x.x mask 255.255.252.0
ip local pool testpool x.x.x.x-x.x.x.x mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
nat-control
global (Outside) 1 x.x.x.x
nat (Inside) 0 access-list Inside_nat0_outbound
nat (Inside) 1 0.0.0.0 0.0.0.0
access-group outacc in interface Outside
access-group Inside_access_in_1 in interface Inside
route Outside 0.0.0.0 0.0.0.0 x.x.x.x
route Inside x.x.x.x 255.255.252.0 x.x.x.x 1
vpn-group-policy abavpn
tunnel-group abavpn type remote-access
tunnel-group abavpn general-attributes
 address-pool abavpnpool
 default-group-policy abavpn
tunnel-group abavpn ipsec-attributes
 pre-shared-key *
tunnel-group test type remote-access
tunnel-group test general-attributes
 address-pool testpool
 default-group-policy test
tunnel-group test ipsec-attributes
 pre-shared-ke

Hi,

I believe that you need to define a group-policy that will use the defined split tunnel.

group-policy test internal
group-policy test attributes
 dns-server value x.x.x.x
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Cisco_splitTunnelAcl
 default-domain value xxx.com
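
Added example, not part of the thread and not Cisco tooling: a Python check for the kind of gap the last reply points at, where a tunnel-group, `nat 0` rule or `access-group` line names a group-policy, pool or ACL that the pasted configuration never defines. It covers only the pre-8.3 syntax seen in this thread; the sample config is constructed with placeholder addresses, and `dangling_refs` is a hypothetical helper name.

```python
import re
# Constructed sample modelled on the thread's pre-8.3 ASA config;
# every address is a placeholder, not a value from the post.
SAMPLE = """\
access-list Inside_access_in extended permit ip any any
access-list Cisco_splitTunnelAcl standard permit 10.1.1.0 255.255.255.248
access-list Inside_nat0_outbound extended permit ip any 10.9.9.0 255.255.255.0
ip local pool testpool 10.9.9.10-10.9.9.50 mask 255.255.255.0
nat (Inside) 0 access-list Inside_nat0_outbound
access-group Inside_access_in_1 in interface Inside
tunnel-group test general-attributes
 address-pool testpool
 default-group-policy test
"""

# The group-policy from the last reply, appended to show references resolving.
GROUP_POLICY = """\
group-policy test internal
group-policy test attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Cisco_splitTunnelAcl
"""

# (kind, regex) pairs: first where a name is defined, then where one is used.
DEFINES = [
    ("acl", r"^access-list (\S+) "),
    ("pool", r"^ip local pool (\S+) "),
    ("group-policy", r"^group-policy (\S+) (?:internal|external)"),
]
USES = [
    ("acl", r"^nat \(\S+\) 0 access-list (\S+)"),
    ("acl", r"^access-group (\S+) in interface"),
    ("acl", r"^\s+split-tunnel-network-list value (\S+)"),
    ("pool", r"^\s+address-pool (\S+)"),
    ("group-policy", r"^\s+default-group-policy (\S+)"),
]

def dangling_refs(config):
    """Return sorted (kind, name, line) for names used but never defined."""
    lines = config.splitlines()
    defined = {("group-policy", "DfltGrpPolicy")}  # built-in default policy
    defined |= {(k, m.group(1)) for ln in lines for k, p in DEFINES
                if (m := re.match(p, ln))}
    return sorted((k, m.group(1), ln.strip()) for ln in lines for k, p in USES
                  if (m := re.match(p, ln)) and (k, m.group(1)) not in defined)

if __name__ == "__main__":
    for kind, name, line in dangling_refs(SAMPLE):
        print(f"undefined {kind} {name!r}: {line}")
```

A clean result only means every reference resolves within the text supplied; a partial paste will report names that exist elsewhere in the running configuration.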
