08-09-2009 03:28 PM - edited 03-11-2019 09:04 AM
This is probably a shot in the dark. I was required to set up a site-to-site VPN for a partner. I remote accessed in from home and started the wizard. Once I finished the VPN wizard, I noticed I couldn't access the Internet from servers within the LAN at work. So, I deleted the site-to-site VPN entry and still no luck reaching the outside. Now I can't access our web and email servers from the outside.
I have no idea what happened, I wouldn't think setting up a vpn would have caused this. The bad thing is I can't ASDM into the firewall once I remote access in. I know I need to provide the config and software version, but I may have to wait till I arrive at work to access this info.
Can anyone offer a suggestion with such limited information? I can provide more tomorrow. To sum up, the firewall is live and accessible because I can remote in; it just seems the firewall isn't passing traffic from out to in or in to out.
Thanks in advance
08-10-2009 05:33 AM
Figured it out: for some reason the wizard created a NAT exempt rule for the LAN. Removed it and everything is back to normal.
08-10-2009 11:25 PM
Hi,
Depending on what you entered in the VPN wizard, a NAT Exempt rule is automatically created. This is very useful for a site-to-site VPN (if the address spaces don't overlap), and should not affect Internet access if configured correctly.
E.g. the following configuration:
LAN1 192.168.1.0/24|----ASA1---(INTERNET)---ASA2----|LAN2 192.168.2.0/24
It is important to enter the correct source and destination in your NAT Exempt rule. If you enter "any" as destination, your Internet access would most likely be disrupted. The destination should be the LAN on the other side of the VPN tunnel.
08-24-2009 11:06 AM
I would take a look at the access lists and make sure that something didn't get changed there. It has been a while since I set up a VPN using the wizard, so maybe something got messed up on the default route?
Without a config, it might be a little tough, so you might want to post that as well.
NEVER MIND. I WAS A LITTLE LATE ON THIS ONE. Glad that you figured it out!