Unable to reach internal network after remote SSL VPN connection

Unanswered Question
Oct 3rd, 2013
I am setting up an ASA 5505 for remote access SSL VPN now. After successfully logging in with the AnyConnect Mobile Secure client, I am having a problem reaching the internal network. A screenshot of the route table on the client is attached.

Can anyone give me a hand? Thanks.

Also, the running configuration is as below:

: Saved

ASA Version 8.2(5)

hostname myvpn
domain-name paragontesting.ca

name Paragon_SSLVPN_IP01

interface Ethernet0/0
 switchport access vlan 2

interface Ethernet0/1

interface Ethernet0/2

interface Ethernet0/3

interface Ethernet0/4

interface Ethernet0/5
 switchport access vlan 5

interface Ethernet0/6
 switchport access vlan 5

interface Ethernet0/7
 switchport access vlan 5

interface Vlan1
 nameif inside
 security-level 100
 ip address

interface Vlan2
 nameif outside
 security-level 1
 ip address

interface Vlan5
 no nameif
 security-level 50
 ip address

ftp mode passive
clock timezone PST -8
clock summer-time PDT recurring
dns domain-lookup inside
dns domain-lookup outside
dns server-group DefaultDNS
 domain-name paragontesting.ca
access-list Internal standard permit
access-list Internal standard permit Paragon_SSLVPN_IP01
access-list inside_nat0_outbound_1 extended permit ip Paragon_SSLVPN_IP01
access-list inside_nat0_outbound_1 extended permit ip Paragon_SSLVPN_IP01
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool Paragon_SSL_VPN_Pool2 mask
ip local pool Paragon_SSLVPN_Inside mask
ip local pool SSL_VPN_IP_Pool mask
icmp unreachable rate-limit 1 burst-size 1
icmp permit any outside
no asdm history enable
arp timeout 14400

global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound_1
nat (inside) 1
route outside 1
route inside 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server Duo-LDAP protocol ldap
aaa-server Duo-LDAP (outside) host api-0c274afe.duosecurity.com
 timeout 60
 server-port 636
 ldap-base-dn dc=DIAFSBNHYPCDKTTIS10Y,dc=duosecurity,dc=com
 ldap-naming-attribute cn
 ldap-login-password *****
 ldap-login-dn dc=DIAFSBNHYPCDKTTIS10Y,dc=duosecurity,dc=com
 ldap-over-ssl enable
 server-type auto-detect
http server enable
http inside
http inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
no sysopt connection permit-vpn
no vpn-addr-assign aaa
no vpn-addr-assign dhcp
vpn-addr-assign local reuse-delay 5
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside

threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server source outside prefer
ssl trust-point selfSign_2012 outside

 enable outside
 svc image disk0:/anyconnect-win-2.4.1012-k9.pkg 1
 svc profiles Paragon_SSLVPN_01 disk0:/paragon_sslvpn_01.xml
 svc enable
 tunnel-group-list enable
group-policy ParagonPolicy01 internal
group-policy ParagonPolicy01 attributes
 wins-server none
 dns-server value
 vpn-tunnel-protocol svc webvpn
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Internal
 default-domain value paragontesting.ca

  url-list none
  customization value Due01
group-policy DfltGrpPolicy attributes
 dns-server value
 vpn-tunnel-protocol webvpn
 default-domain value paragontesting.ca

  url-list value Paragon01
  customization value Due01
username cisco password  nt-encrypted
username cisco attributes
 service-type remote-access
tunnel-group DefaultWEBVPNGroup general-attributes
 address-pool (outside) SSL_VPN_IP_Pool
 address-pool SSL_VPN_IP_Pool
 authentication-server-group (outside) LOCAL
 authorization-server-group LOCAL
tunnel-group DefaultWEBVPNGroup webvpn-attributes
 customization Due01
tunnel-group ParagonSSLVPN type remote-access
tunnel-group ParagonSSLVPN general-attributes
 address-pool Paragon_SSL_VPN_Pool2
 default-group-policy ParagonPolicy01
tunnel-group ParagonSSLVPN webvpn-attributes
 customization Due01
 group-alias SSLVPN enable
 group-url disable

prompt hostname context
no call-home reporting anonymous
: end
asdm location Paragon_SSLVPN_IP01 inside
no asdm history enable
