This is probably a shot in the dark. I was required to set up a site-to-site VPN for a partner. I remote accessed in from home and started the wizard. Once I finished the VPN wizard, I noticed I couldn't access the Internet from servers within the LAN at work. So, I deleted the site-to-site VPN entry and still no luck reaching the outside. Now I can't access our web and email servers from the outside.
I have no idea what happened; I wouldn't think setting up a VPN would have caused this. The bad thing is I can't ASDM into the firewall once I remote access in. I know I need to provide the config and software version, but I may have to wait till I arrive at work to access this info.
Can anyone offer a suggestion with such limited information? I can provide more tomorrow. To sum up, the firewall is live and accessible because I can remote in; it just seems the firewall isn't passing traffic from out to in or in to out.
Depending on what you entered in the VPN wizard, a NAT Exempt rule is automatically created. This is very useful for a site-to-site VPN (if the address spaces don't overlap), and should not affect internet access if configured correctly.
It is important to enter the correct source and destination in your NAT Exempt rule. If you enter "any" as destination, your internet access would most likely be disrupted. The destination should be the LAN on the other side of the VPN tunnel.
I would take a look at the access lists and make sure that something didn't get changed there. It has been a while since I set up a VPN using the wizard, so maybe something got messed up on the default route?
Without a config, it might be a little tough, so you might want to post that as well.
Never mind. I was a little late on this one. Glad that you figured it out!
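The NAT Exempt pitfall described in the reply above, as an added example that is not part of the original thread: a small Python check that scans an ASA configuration for NAT exempt ACL entries whose destination is `any`. It assumes the pre-8.3 `nat (ifc) 0 access-list` syntax (the thread does not state the software version); the sample configuration, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample config (pre-8.3 syntax assumed); all addresses are made up.
SAMPLE_CONFIG = """\
access-list inside_nat0_outbound extended permit ip 192.168.10.0 255.255.255.0 any
access-list inside_nat0_outbound extended permit ip 192.168.10.0 255.255.255.0 10.20.0.0 255.255.0.0
access-list dmz_nat0_outbound extended permit ip host 172.16.1.5 10.20.0.0 255.255.0.0
access-list outside_access_in extended permit tcp any host 203.0.113.10 eq smtp
nat (inside) 0 access-list inside_nat0_outbound
nat (dmz) 0 access-list dmz_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
"""

NAT0_RE = re.compile(r"^nat \((\S+)\) 0 access-list (\S+)")
ACL_RE = re.compile(r"^access-list (\S+) extended permit ip (.+)$")


def take_address(tokens):
    """Consume one address spec from the front of tokens and return it as text."""
    head = tokens.pop(0)
    if head == "any":
        return "any"
    spec = f"{head} {tokens.pop(0)}"  # host <ip>, object-group <name>, or <net> <mask>
    return "any" if spec == "0.0.0.0 0.0.0.0" else spec


def find_broad_nat_exempt(config):
    """Return (interface, acl, source) for NAT exempt entries whose destination is any."""
    lines = [line.strip() for line in config.splitlines()]
    # Map each ACL bound to "nat (ifc) 0" (NAT exemption) to its interface.
    exempt = {m.group(2): m.group(1) for m in map(NAT0_RE.match, lines) if m}
    findings = []
    for line in lines:
        m = ACL_RE.match(line)
        if not m or m.group(1) not in exempt:
            continue  # not part of a NAT exempt ACL
        tokens = m.group(2).split()
        try:
            source, dest = take_address(tokens), take_address(tokens)
        except IndexError:
            continue  # malformed or truncated entry
        if dest == "any":
            findings.append((exempt[m.group(1)], m.group(1), source))
    return findings


if __name__ == "__main__":
    for ifc, acl, src in find_broad_nat_exempt(SAMPLE_CONFIG):
        print(f"{acl} on ({ifc}): {src} -> any is exempt from NAT; check Internet-bound traffic")
```

Entries flagged here are the ones to compare against the remote LAN of the tunnel; the access-list used for inbound access (`outside_access_in` in the sample) is ignored because it is not bound to a `nat 0` statement.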