03-18-2009 10:59 AM - edited 02-21-2020 03:21 AM
I am at my wits end trying to figure this out. We are in the process of replacing our good ol' 3030 with an ASA 5510 for vpn purposes. I have setup the ASA as follows:
E0/0 is the public interface: xxx.xxx.199.10/24
E0/1 is the private interface: 172.20.72.0/24
The remote clients get a 10.12.27.xxx address from the ASA.
The client get the address fine, but can not access anything on the 172.20.72.xxx network. What piece am I missing? Some type of NAT?
Solved! Go to Solution.
03-20-2009 02:24 PM
William, glad all has worked, don't forget to rate helpful posts.
Regards
03-18-2009 01:23 PM
check your nonat acl to make sure you permit RA vpn pool network,
access-list nside_nat0_outbound extended permit ip 172.20.72.0 255.255.255.0 10.12.27.0
nat (inside) 0 access-list inside_nat0_outbound
if you already have a nonat acl peimiting the traffic then make sure you have NAT-T enabled globally in ASA :
http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml#Solution1
Regards
03-19-2009 02:52 PM
William, is your problem resolved with the suggestions I have provided, let us know otherwise to assist you fruther.
Regards
03-20-2009 06:22 AM
I am in the same boat, but I am missing the big picture.
Here is my IP configs of my VPN connected client:
PPP adapter NationalAccess - BroadbandAccess:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 70.211.67.89
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 70.211.67.89
Ethernet adapter VPN#1:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 172.16.100.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
I have attached the ipconfig and route print. The ASA address is: 163.105.74.249
I can ping the ASA and Yahoo, but no inside addresses (10.4.4.x)
Can you give me some ideas of what is wrong. I am using split tunneling.
03-20-2009 07:42 AM
still stuck,
I will send my config file if that is okay.
03-20-2009 08:10 AM
03-20-2009 01:03 PM
The vpn is now working. I added your suggestions. I also added a route I had oitted in the router for the 172.20.72.x network to send 10.12.27.x traffic to the asa5510 at 172.20.72.5. After that, pings and access worked. Thanks
03-20-2009 02:24 PM
William, glad all has worked, don't forget to rate helpful posts.
Regards
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: