Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
859
Views
11
Helpful
7
Replies

Local Lan Access thru the ASA5510

Go to solution
broow
Level 1
Level 1

‎03-18-2009 10:59 AM - edited ‎02-21-2020 03:21 AM

I am at my wits end trying to figure this out. We are in the process of replacing our good ol' 3030 with an ASA 5510 for vpn purposes. I have setup the ASA as follows:

E0/0 is the public interface: xxx.xxx.199.10/24

E0/1 is the private interface: 172.20.72.0/24

The remote clients get a 10.12.27.xxx address from the ASA.

The client get the address fine, but can not access anything on the 172.20.72.xxx network. What piece am I missing? Some type of NAT?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
JORGE RODRIGUEZ
Level 10
Level 10
In response to broow

‎03-20-2009 02:24 PM

William, glad all has worked, don't forget to rate helpful posts.

Regards

Jorge Rodriguez

View solution in original post

7 Replies 7

Go to solution
JORGE RODRIGUEZ
Level 10
Level 10

‎03-18-2009 01:23 PM

check your nonat acl to make sure you permit RA vpn pool network,

access-list nside_nat0_outbound extended permit ip 172.20.72.0 255.255.255.0 10.12.27.0

nat (inside) 0 access-list inside_nat0_outbound

if you already have a nonat acl peimiting the traffic then make sure you have NAT-T enabled globally in ASA :

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml#Solution1

Regards

Jorge Rodriguez

Go to solution
JORGE RODRIGUEZ
Level 10
Level 10
In response to JORGE RODRIGUEZ

‎03-19-2009 02:52 PM

William, is your problem resolved with the suggestions I have provided, let us know otherwise to assist you fruther.

Regards

Jorge Rodriguez
0 Helpful

Go to solution
oneirishpollack
Level 1
Level 1
In response to JORGE RODRIGUEZ

‎03-20-2009 06:22 AM

I am in the same boat, but I am missing the big picture.

Here is my IP configs of my VPN connected client:

PPP adapter NationalAccess - BroadbandAccess:

Connection-specific DNS Suffix . :

IP Address. . . . . . . . . . . . : 70.211.67.89

Subnet Mask . . . . . . . . . . . : 255.255.255.255

Default Gateway . . . . . . . . . : 70.211.67.89

Ethernet adapter VPN#1:

Connection-specific DNS Suffix . :

IP Address. . . . . . . . . . . . : 172.16.100.1

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . :

I have attached the ipconfig and route print. The ASA address is: 163.105.74.249

I can ping the ASA and Yahoo, but no inside addresses (10.4.4.x)

Can you give me some ideas of what is wrong. I am using split tunneling.

Preview file
30 KB
0 Helpful

Go to solution
broow
Level 1
Level 1
In response to JORGE RODRIGUEZ

‎03-20-2009 07:42 AM

still stuck,

I will send my config file if that is okay.

0 Helpful

Go to solution
broow
Level 1
Level 1
In response to JORGE RODRIGUEZ

‎03-20-2009 08:10 AM

attached is the config file

Preview file
4 KB
0 Helpful

Go to solution
broow
Level 1
Level 1

‎03-20-2009 01:03 PM

The vpn is now working. I added your suggestions. I also added a route I had oitted in the router for the 172.20.72.x network to send 10.12.27.x traffic to the asa5510 at 172.20.72.5. After that, pings and access worked. Thanks

0 Helpful

Go to solution
JORGE RODRIGUEZ
Level 10
Level 10
In response to broow

‎03-20-2009 02:24 PM

William, glad all has worked, don't forget to rate helpful posts.

Regards

Jorge Rodriguez
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card