Remote VPN no access to hosts

Answered Question
Mar 4th, 2014

Hello Guys,


I have an ASA 5505 with two tunnels, one Site-to-Site (between two ASA 5505s), and I also added a VPN for remote access using the Cisco VPN Client. What I discovered is that over the Site-to-Site connection I can reach hosts on the LANs, but using the VPN Client I can only reach the inside interface of the ASA, not the hosts.


Maybe something is missing in my ACLs, but I wasn't able to determine what it is. Would you give me a hand on this?


Attached is my config file. The LAN behind the ASA consists of a couple of VLANs on the segment 192.168.0.0/24, and the VPN Client receives an IP from the segment 10.10.10.X.


Thanks in advance,

Correct Answer
jjohnston1127 Tue, 03/04/2014 - 14:38

Hi David,


You are missing a NAT exemption statement. 


You need to add this:


access-list noNAT extended permit ip any 10.10.10.0 255.255.255.0
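
An added example, not part of the original thread and not the poster's attached config: a small Python check that flags remote-access VPN pools which no NAT-exemption ACL entry covers, the condition the answer above diagnoses. The sample configuration is constructed; the pool name VPNPOOL, the 192.168.1.0/24 remote LAN and the `nat (inside) 0 access-list` binding are assumptions written in pre-8.3 ASA syntax.

```python
import ipaddress
import re

# Constructed sample in pre-8.3 ASA syntax, not the poster's attached config.
# Assumed: pool name, remote LAN 192.168.1.0/24 and the nat 0 binding line.
BROKEN = """\
ip local pool VPNPOOL 10.10.10.1-10.10.10.50 mask 255.255.255.0
access-list noNAT extended permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (inside) 0 access-list noNAT
"""
# Same config plus the statement given in the answer.
FIXED = BROKEN + "access-list noNAT extended permit ip any 10.10.10.0 255.255.255.0\n"

def _take(tokens):
    """Consume one ASA address spec (any | host A | NET MASK); return the network."""
    head = tokens.pop(0)
    if head == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{head}/{tokens.pop(0)}")

def uncovered_pools(config):
    """Return names of VPN pools whose range no NAT-exempt ACL entry covers."""
    # ACLs that are actually bound as NAT exemption (nat 0).
    exempt_acls = set(re.findall(r"^nat \(\S+\) 0 access-list (\S+)", config, re.M))
    exempt_dsts = []
    for name, rest in re.findall(
            r"^access-list (\S+) extended permit ip (.+)$", config, re.M):
        if name in exempt_acls:
            tokens = rest.split()
            _take(tokens)                      # source spec, not needed here
            exempt_dsts.append(_take(tokens))  # destination = traffic left un-NATed
    missing = []
    for name, first, last in re.findall(
            r"^ip local pool (\S+) ([\d.]+)-([\d.]+)", config, re.M):
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        # A contiguous range is covered when both ends fall in one network.
        if not any(lo in net and hi in net for net in exempt_dsts):
            missing.append(name)
    return missing

if __name__ == "__main__":
    print("before fix:", uncovered_pools(BROKEN))
    print("after fix: ", uncovered_pools(FIXED))
```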

David Correa Garcia Tue, 03/04/2014 - 16:20

Dear jjohnston,


You were right, I added the statement and now I can reach the hosts.


Thanks a bunch!
