10-01-2010 01:06 AM
Hi
This week I configured a remote access VPN to an ASA 5510.
See this topic: https://supportforums.cisco.com/message/3191344#3191344
Thanks to the support, I can connect now, but I still don't have any local LAN access when I connect with my VPN client.
My internal dhcp pool is 192.0.0.0 255.255.255.0
My dhcp pool is 192.0.1.0 255.255.255.0
I have attached my running config, and some screenshots from my VPN client when connected.
Any help would be appreciated
10-01-2010 01:14 AM
You've added an incorrect NAT exemption ACL. It should be:
access-list inside_nat0_outbound_1 extended permit ip any 192.0.1.0 255.255.255.0
and to test pinging the inside interface, pls add:
management-access inside
Hope that resolves the issue.
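One way to check the fix above against a saved running-config, as an added example that is not part of the original thread: it verifies that the ACL bound to `nat (inside) 0` lists the VPN pool subnet as a destination. The config lines are constructed samples, and the pool name `vpnpool` and its range are assumptions.

```python
import ipaddress

# Constructed sample lines, not the poster's attached config. The pool name
# "vpnpool" and its address range are assumptions made for this example.
FIXED = """\
ip local pool vpnpool 192.0.1.2-192.0.1.254 mask 255.255.255.0
access-list inside_nat0_outbound_1 extended permit ip any 192.0.1.0 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound_1
"""
# Constructed broken variant: the ACL destination is not the VPN pool subnet.
BROKEN = FIXED.replace("any 192.0.1.0", "any 192.0.0.0")


def _take_net(tokens):
    """Consume one ASA address spec: 'any', 'host A', or 'A MASK'."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    net = ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}", strict=False)
    return net, tokens[2:]


def nat_exempt_covers_pool(config, interface="inside"):
    """Map each 'ip local pool' name to True if its subnet is a destination
    of an ACL referenced by 'nat (<interface>) 0 access-list ...'."""
    pools, acls, nat0 = {}, {}, set()
    for line in config.splitlines():
        t = line.split()
        try:
            if t[:3] == ["ip", "local", "pool"] and t[5] == "mask":
                first = t[4].split("-")[0]  # first address of the range
                pools[t[3]] = ipaddress.ip_network(f"{first}/{t[6]}", strict=False)
            elif t[:1] == ["access-list"] and t[2:5] == ["extended", "permit", "ip"]:
                _, rest = _take_net(t[5:])   # skip the source spec
                dst, _ = _take_net(rest)     # keep the destination spec
                acls.setdefault(t[1], []).append(dst)
            elif t[:2] == ["nat", f"({interface})"] and t[2:4] == ["0", "access-list"]:
                nat0.add(t[4])
        except (IndexError, ValueError):
            continue  # skip lines this small parser does not understand
    dests = [d for name in nat0 for d in acls.get(name, [])]
    return {name: any(net.subnet_of(d) for d in dests) for name, net in pools.items()}


if __name__ == "__main__":
    print("fixed :", nat_exempt_covers_pool(FIXED))
    print("broken:", nat_exempt_covers_pool(BROKEN))
```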
10-01-2010 01:31 AM
Hi Jennifer
Thank you for the quick response, but I still don't have local LAN access.
When I'm connected, my default gateway that I get from the ASA is the same as the IP address I get from the ASA.
Connection-specific DNS Suffix . : xxxxxxxxxxxxxxxxx
IP Address. . . . . . . . . . . . : 192.0.1.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.0.1.2
Is this correct? It seems odd, but I don't know much about VPNs, as you may already know.
Thanks for all the help
10-01-2010 01:34 AM
Yes, that is OK. From the statistics page, your VPN client is sending the traffic towards the ASA, but no traffic is returning.
Can you share the output of:
show crypto ipsec sa
Can you ping the ASA inside interface from the VPN client?
10-01-2010 01:35 AM
Also, enable this command:
crypto isakmp nat-traversal
10-01-2010 01:40 AM
10-01-2010 01:43 AM
Is ping to 192.0.0.40 successful?
10-01-2010 01:46 AM
Yes, now ping to 192.0.0.40 is successful.
10-01-2010 01:48 AM
Perfect,..
What other hosts are you trying to access internally? Ping as well? You might want to check if a personal firewall is turned on on the inside host, as it normally blocks incoming/inbound traffic from other subnets.
10-01-2010 02:02 AM
10-01-2010 02:05 AM
Great, thanks for the update. Please kindly mark the post as answered.