Hi All: I'm a newbie Cisco user and seem to have FUBAR'd my router config. I have a single LAN (192.168.21/24) with a single public server and two VPNs. After configuration of the VPNs I can no longer reach anything outside from the LAN. Servers inside the LAN can't ping or resolve external IPs.
I keep staring at the config but I don't see what's blocking the internal network from connecting to the outside world?
ASA Version 8.2(1)
enable password RQPm7xkzY.37Q.Ne encrypted
passwd RQPm7xkzY.37Q.Ne encrypted
name 192.168.22.0 vpn1
name 192.168.21.10 server2
name zzz.216.245.245 server2-public
name 192.168.21.51 server1
ip address 192.168.21.1 255.255.255.0
ip address zzz.216.245.242 255.255.255.248
switchport access vlan 2
ftp mode passive
object-group service remotedesktop tcp
port-object eq 3389
object-group service DM_INLINE_TCP_0 tcp
port-object eq www
port-object eq https
object-group protocol DM_INLINE_PROTOCOL_2
access-list outside_access_in extended permit tcp any host server2-public object-group DM_INLINE_TCP_0
access-list outside_access_in extended permit ip any host server2
access-list outside_cryptomap extended permit ip 192.168.21.0 255.255.255.0 vpn188.8.131.52 255.255.255.224
Thanks Marvin: So, I'm not sure why I added that ACL for server2...but having disabled it, I still can't seem to get any traffic from inside the network through the default IF. I tried adding a new rule to the inside IF allowing any-any, but that didn't work either.
But then I noticed that there was an implicit rule for IPv6 traffic that said "Any less secure network" as the destination, and it couldn't be edited in the ASDM GUI...but that didn't appear in the IPv4 "inside" Access Rules...so I deleted each disabled access rule one-by-one, and after deleting the last one, the implicit rule popped back up and everything started working...
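The follow-up describes the ASA behaviour that bit here: once any ACL is bound to an interface with access-group, the implicit "permit to any less secure network" rule is replaced by that ACL plus its implicit deny, and ACEs that ASDM shows as "disabled" are still present in the ACL (they carry the inactive keyword), so a bound ACL whose rules are all disabled blocks everything. The following script is an added example, not part of the original thread; it checks a constructed config in ASA 8.2 syntax for exactly that condition, so the interface and ACL names in SAMPLE_CONFIG are assumptions modelled on the post:

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in ASA 8.2 syntax (not the poster's full config). Every ACE in the
# ACL bound to "inside" carries the "inactive" keyword, which is what ASDM writes when a
# rule is disabled rather than deleted.
SAMPLE_CONFIG = """\
access-list outside_access_in extended permit tcp any host server2-public object-group DM_INLINE_TCP_0
access-list inside_access_in remark rules that were disabled but not deleted
access-list inside_access_in extended permit ip any host server2 inactive
access-list inside_access_in extended permit ip any any inactive
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
"""

ACE_RE = re.compile(r"^access-list (\S+) (?:line \d+ )?(?:extended|standard) (permit|deny) (.*)$")
BIND_RE = re.compile(r"^access-group (\S+) (in|out) interface (\S+)$")


def parse_aces(config: str) -> Dict[str, List[Tuple[str, bool]]]:
    """Map ACL name -> [(action, is_active)], skipping remark lines."""
    acls: Dict[str, List[Tuple[str, bool]]] = {}
    for raw in config.splitlines():
        m = ACE_RE.match(raw.strip())
        if m:
            name, action, rest = m.groups()
            is_active = not rest.rstrip().endswith(" inactive")
            acls.setdefault(name, []).append((action, is_active))
    return acls


def parse_bindings(config: str) -> List[Tuple[str, str, str]]:
    """Return (acl_name, direction, interface) for every access-group line."""
    found = []
    for raw in config.splitlines():
        m = BIND_RE.match(raw.strip())
        if m:
            found.append((m.group(1), m.group(2), m.group(3)))
    return found


def find_dead_interfaces(config: str) -> Dict[str, str]:
    """Interfaces whose bound ACL contains no active permit ACE.

    Binding an ACL replaces the implicit higher-to-lower security permit with
    the ACL's implicit deny, so an ACL whose ACEs are all inactive denies all
    traffic on that interface until the ACL (or its last ACE) is removed.
    """
    acls = parse_aces(config)
    dead: Dict[str, str] = {}
    for acl, _direction, iface in parse_bindings(config):
        if not any(action == "permit" and active for action, active in acls.get(acl, [])):
            dead[iface] = acl
    return dead
```

Run it against `show running-config` output to list interfaces where a leftover ACL of disabled rules is silently replacing the implicit permit.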