Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
574
Views
0
Helpful
6
Replies

ASA Webvpn config question

Go to solution
bobsills
Level 1
Level 1

‎06-21-2009 07:05 PM - edited ‎03-11-2019 08:46 AM

I am new to setting up webvpn connections. I managed to get everything set and can connect to the remote unit without issue using Anyconnect. The problem I am having is, after I established a vpn connection, I cannot connect to anything on the remote inside network (ie RDP to desktop) except to the ASA itself. Any guidance would be a big help.

Labels:
23018-running-config.cfg
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
andrew.prince
Level 10
Level 10
In response to bobsills

‎06-22-2009 11:49 PM

Change Your no-nat to:-

access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0

View solution in original post

0 Helpful
6 Replies 6

Go to solution
andrew.prince
Level 10
Level 10

‎06-22-2009 01:15 AM

Change the IP address assigned to the webVPN users to another clean /24.

Make sure all L3 devices have a route to the ASA.

HTH>

0 Helpful

Go to solution
shijomon scaria
Level 1
Level 1

‎06-22-2009 03:04 AM

Hello,

As andrew said, assign a new range of ip for web vpn pool (other than 192.168.0.0 range) and exclude that range from nat using the nat 0 command with a an access-list permitting traffic from 192.168.0.0 255.255.255.0 x.x.x.x 255.255.255.0.

Thank you,

Shijo

0 Helpful

Go to solution
bobsills
Level 1
Level 1
In response to shijomon scaria

‎06-22-2009 07:51 PM

Seems like I am still missing somethings. I made the changes as both you and andrer recommended but I am still getting the following in the syslogs when I try to connect to something:

3 Jun 22 2009 20:32:03 305005 192.168.0.10 No translation group found for icmp src outside:192.168.1.230 dst inside:192.168.0.10 (type 8, code 0)

I know I am missing something simple but not seeing it yet.

Thanks,

-Bob

23019-running-config.cfg
0 Helpful

Go to solution
andrew.prince
Level 10
Level 10
In response to bobsills

‎06-22-2009 11:49 PM

Change Your no-nat to:-

access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0

0 Helpful

Go to solution
bobsills
Level 1
Level 1
In response to andrew.prince

‎06-23-2009 07:02 PM

yes, that did the trick.

Thanks

0 Helpful

Go to solution
andrew.prince
Level 10
Level 10
In response to bobsills

‎06-24-2009 01:50 AM

np - glad to help.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card