I'm trying to set up an SSL VPN (not clientless) with a Cisco ASA 5510, but I am a little blocked since for tests the VPN will be in the same subnet as the destination to reach, and therefore there will be only one interface connected to the network, which would deal with internal and external traffic. I enclosed a diagram of what I am trying to do and my ASA configuration; I hope that will be helpful.
The entire network is, for historical reasons, on routed public IP addresses. There are ACLs in order to block the traffic from the internet to the workstations on our network, which is 188.8.131.52/24.
Since I am not in charge of the management of this network, I would like to perform VPN tests in several steps.
1) The first step is to test this VPN from the inside to the inside
2) The second step would be to test this VPN from outside (the internet) to the inside network
3) The last step would be to put this VPN into a separate VLAN
For the first step, I tried to connect to the VPN server with the AnyConnect client: no problem with the VPN establishment, and I am correctly obtaining an IP from the pool (for example: 184.108.40.206), but I cannot contact internal workstations on the 220.127.116.11/24 network.
I'm sure I am missing something in the configuration; would it be possible to help me?
Thanks in advance,
1. Please use a different subnet as the VPN client pool, other than your internal network 8.8.36/24.
2. Since the traffic will make a U-turn on the ASA, you need the following command:
same-security-traffic permit intra-interface
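
A configuration check for the two points in the answer above, as an added example that is not part of the original thread: it scans ASA configuration text for an ip local pool range that overlaps an interface subnet and for a missing same-security-traffic permit intra-interface line. The function name check_hairpin_vpn and both sample configurations are constructed for illustration and use documentation address ranges, not the poster's addresses.

```python
import ipaddress
import re

# Constructed sample configs (documentation address ranges, not the poster's).
SAMPLE_BAD = """\
interface Ethernet0/0
 nameif inside
 security-level 100
 ip address 192.0.2.1 255.255.255.0
ip local pool VPNPOOL 192.0.2.200-192.0.2.220 mask 255.255.255.0
"""
SAMPLE_GOOD = """\
interface Ethernet0/0
 nameif inside
 security-level 100
 ip address 192.0.2.1 255.255.255.0
ip local pool VPNPOOL 198.51.100.10-198.51.100.50 mask 255.255.255.0
same-security-traffic permit intra-interface
"""

# Interface addresses are indented under "interface"; pools are global lines.
IFACE_RE = re.compile(r"^[ \t]+ip address (\S+) (\d+\.\d+\.\d+\.\d+)", re.M)
POOL_RE = re.compile(r"^ip local pool (\S+) (\S+?)-(\S+)", re.M)
HAIRPIN_RE = re.compile(r"^same-security-traffic permit intra-interface\s*$", re.M)


def check_hairpin_vpn(config):
    """Hypothetical helper: return findings for the two points in the answer."""
    findings = []
    nets = [ipaddress.ip_network(f"{ip}/{mask}", strict=False)
            for ip, mask in IFACE_RE.findall(config)]
    for name, first, last in POOL_RE.findall(config):
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        for net in nets:
            # The range [lo, hi] overlaps the subnet if it starts before the
            # subnet ends and ends after the subnet starts.
            if lo <= net.broadcast_address and hi >= net.network_address:
                findings.append(f"pool {name} overlaps interface subnet {net}")
    if not HAIRPIN_RE.search(config):
        findings.append("missing: same-security-traffic permit intra-interface")
    return findings


if __name__ == "__main__":
    for label, cfg in (("bad", SAMPLE_BAD), ("good", SAMPLE_GOOD)):
        print(label, check_hairpin_vpn(cfg) or "no findings")
```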