Local Lan Access thru the ASA5510

Answered Question
Mar 18th, 2009

I am at my wits' end trying to figure this out. We are in the process of replacing our good ol' 3030 with an ASA 5510 for VPN purposes. I have set up the ASA as follows:

E0/0 is the public interface: xxx.xxx.199.10/24

E0/1 is the private interface: 172.20.72.0/24

The remote clients get a 10.12.27.xxx address from the ASA.

The clients get the address fine, but cannot access anything on the 172.20.72.xxx network. What piece am I missing? Some type of NAT?

JORGE RODRIGUEZ Wed, 03/18/2009 - 13:23

Check your nonat ACL to make sure you permit the RA VPN pool network:

access-list inside_nat0_outbound extended permit ip 172.20.72.0 255.255.255.0 10.12.27.0 255.255.255.0

nat (inside) 0 access-list inside_nat0_outbound

If you already have a nonat ACL permitting the traffic, then make sure you have NAT-T enabled globally in the ASA:

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml#Solution1

Regards

JORGE RODRIGUEZ Thu, 03/19/2009 - 14:52

William, is your problem resolved with the suggestions I have provided? Let us know otherwise so we can assist you further.

Regards

oneirishpollack Fri, 03/20/2009 - 06:22

I am in the same boat, but I am missing the big picture.

Here are the IP configs of my VPN-connected client:

PPP adapter NationalAccess - BroadbandAccess:

Connection-specific DNS Suffix . :

IP Address. . . . . . . . . . . . : 70.211.67.89

Subnet Mask . . . . . . . . . . . : 255.255.255.255

Default Gateway . . . . . . . . . : 70.211.67.89

Ethernet adapter VPN#1:

Connection-specific DNS Suffix . :

IP Address. . . . . . . . . . . . : 172.16.100.1

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . :

I have attached the ipconfig and route print. The ASA address is: 163.105.74.249

I can ping the ASA and Yahoo, but no inside addresses (10.4.4.x).

Can you give me some ideas of what is wrong? I am using split tunneling.

broow Fri, 03/20/2009 - 07:42

still stuck,

I will send my config file if that is okay.

broow Fri, 03/20/2009 - 13:03

The VPN is now working. I added your suggestions. I also added a route I had omitted in the router for the 172.20.72.x network to send 10.12.27.x traffic to the ASA 5510 at 172.20.72.5. After that, pings and access worked. Thanks.

Correct Answer
JORGE RODRIGUEZ Fri, 03/20/2009 - 14:24

William, glad all has worked, don't forget to rate helpful posts.

Regards
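
An added example, not code from the thread or from Cisco: a Python check that a pre-8.3 ASA configuration exempts inside-to-VPN-pool traffic from NAT, which is what the nonat ACL advice in this thread amounts to. The sample configuration is constructed from the thread's addresses, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample (pre-8.3 ASA syntax) built from the addresses in the thread.
SAMPLE = """\
access-list inside_nat0_outbound extended permit ip 172.20.72.0 255.255.255.0 10.12.27.0 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
"""

def nat_exempt_acls(config, ifname="inside"):
    """Names of ACLs bound with 'nat (<ifname>) 0 access-list <name>'."""
    pat = re.compile(r"^nat \(%s\) 0 access-list (\S+)" % re.escape(ifname), re.M)
    return set(pat.findall(config))

def acl_entries(config, name):
    """Yield (src_net, dst_net) for 'permit ip <net> <mask> <net> <mask>' lines."""
    pat = re.compile(
        r"^access-list %s extended permit ip (\S+) (\S+) (\S+) (\S+)[ \t]*$"
        % re.escape(name), re.M)
    for src, smask, dst, dmask in pat.findall(config):
        try:
            yield (ipaddress.ip_network(f"{src}/{smask}"),
                   ipaddress.ip_network(f"{dst}/{dmask}"))
        except ValueError:
            continue  # not plain address/mask form (e.g. 'host ...'); skipped here

def pool_is_exempt(config, inside_net, pool_net, ifname="inside"):
    """True if inside->pool traffic matches an ACL that is bound to 'nat 0'.

    An ACL that exists but is not referenced by the nat statement (for
    example because the names differ) does not count, and neither does an
    entry that is missing its destination mask.
    """
    inside = ipaddress.ip_network(inside_net)
    pool = ipaddress.ip_network(pool_net)
    for name in nat_exempt_acls(config, ifname):
        for src, dst in acl_entries(config, name):
            if inside.subnet_of(src) and pool.subnet_of(dst):
                return True
    return False

if __name__ == "__main__":
    print(pool_is_exempt(SAMPLE, "172.20.72.0/24", "10.12.27.0/24"))
```

This only covers the ASA side; the return route on the inside router toward the pool, which the original poster also had to add, is a separate check on that router.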
