Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
337
Views
0
Helpful
3
Replies

ASA 5500 issue passing traffic

rhopkins_rcps
Level 1
Level 1

‎08-09-2009 03:28 PM - edited ‎03-11-2019 09:04 AM

This is probably a shot in the dark. I was required to setup a site-to-site vpn for a partner. I remote accessed in from home and started the wizard. Once I finished the vpn wizard, I noticed I couldn't access the Internet from servers within the LAN at work. So, I deleted the site-to-site vpn entry and still no luck reaching the outside. Now I can't access our web and email servers from the outside.

I have no idea what happened, I wouldn't think setting up a vpn would have caused this. The bad thing is I can't ASDM into the firewall once I remote access in. I know I need to provide the config and software version, but I may have to wait till I arrive at work to access this info.

Can anyone offer a suggestion with such limited information? I can provide more tomorrow. To sum up, the firewall is live and accessible bc I can remote in, it just seems the firewall isn't passing traffic from out to in or in to out.

Thanks in advance

Labels:
0 Helpful
3 Replies 3

rhopkins_rcps
Level 1
Level 1

‎08-10-2009 05:33 AM

Figured it out, for some reason the wizard created a Nat exempt rule for the LAN. Removed it and everything is back to normal.

0 Helpful

i.va
Level 3
Level 3
In response to rhopkins_rcps

‎08-10-2009 11:25 PM

Hi,

Depending on what you entered in the VPN wizard, a NAT Exempt rule is automatically created. This is very useful for a site-to-site vpn (if the address spaces dont overlap), and should not affect internet access if configured correctly.

e.g. following configuration:

LAN1 192.168.1.0/24|----ASA1---(INTERNET)---ASA2----|LAN2 192.168.2.0/24

Important is to enter the correct source and destination in your NAT Exempt rule. If you enter "any" as destination, your internet access would most likely be disrupted. The destination should be the LAN on the other side of the VPN tunnel.

0 Helpful

reido2131
Level 1
Level 1

‎08-24-2009 11:06 AM

I would take a look at the access lists and make sure that something didn't get changed there. It has been a while since I set up a VPN using the wizard, so maybe something got messed up on the default route?

Without a config, it might be a little tough, so you might want to post that as well.

NEVER MIND. I WAS A LITTLE LATE ON THIS ONE. Glad that you figured it out!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card