vpn routing problem

Unanswered Question
Sep 19th, 2009

Hello!

I recently configured on a Cisco ASA 5520 remote access using IPsec.

The remote client uses Cisco VPN Client.

The VPN client successfully authenticates and connects to the ASA, however I don't have access to the LAN. This is the first time that I configure Cisco VPN on an ASA.

For one, because the LAN subnet and the internal IP of the ASA are different, I'm not sure which IP would be the most appropriate to assign the VPN client. Secondly, I've read on other posts here about the nonat command and its involvement with the ACL, but I'm not clear on it. I'm attaching my running config to give a better understanding... Thanks a lot in advance!!



acomiskey Mon, 09/21/2009 - 12:01

Use a pool which is different than your LAN subnet.


For example, if your pool is 192.168.x.0 255.255.255.0


then you will need...


access-list nonat extended permit ip any 192.168.x.0 255.255.255.0

nat (inside) 0 access-list nonat


Also add..


crypto isakmp nat-traversal
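
The reply's commands filled in with concrete values, as an added example that is not part of the original thread or the poster's configuration. It assumes a LAN of 10.10.20.0/24 reachable through the inside interface, a pool of 192.168.50.0/24, and an already existing remote-access tunnel group; the names VPNPOOL and REMOTE-USERS are hypothetical, and the syntax is the pre-8.3 form the reply uses.

```cisco
! Constructed example: all addresses and names below are assumptions, not from the thread.

! 1. Client pool taken from a range that is used nowhere on the LAN
ip local pool VPNPOOL 192.168.50.10-192.168.50.250 mask 255.255.255.0

! 2. Bind the pool to the existing remote-access tunnel group
tunnel-group REMOTE-USERS general-attributes
 address-pool VPNPOOL

! 3. Exempt LAN-to-pool traffic from NAT so replies enter the tunnel untranslated.
!    The source is narrowed here from "any" to the LAN subnet.
access-list nonat extended permit ip 10.10.20.0 255.255.255.0 192.168.50.0 255.255.255.0
nat (inside) 0 access-list nonat

! 4. NAT traversal for clients that sit behind a NAT device
crypto isakmp nat-traversal

! Checks to run on the ASA once a client is connected:
!   show crypto ipsec sa      (encaps and decaps counters should both increase)
!   show access-list nonat    (hit count on the exemption entry should increase)
```

If the encaps counter stays at zero while decaps rises, return traffic from the LAN is not reaching the tunnel, which points at the NAT exemption or at routing for the pool subnet on the inside network.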
