Solved: Re: ASA Webvpn config question

bobsills · ‎06-21-2009

I am new to setting up webvpn connections. I managed to get everything set and can connect to the remote unit without issue using Anyconnect. The problem I am having is, after I established a vpn connection, I cannot connect to anything on the remote inside network (ie RDP to desktop) except to the ASA itself. Any guidance would be a big help.

andrew.prince · ‎06-22-2009

Change Your no-nat to:-

access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0

View solution in original post

andrew.prince · ‎06-22-2009

Change the IP address assigned to the webVPN users to another clean /24.

Make sure all L3 devices have a route to the ASA.

HTH>

shijomon scaria · ‎06-22-2009

Hello,

As andrew said, assign a new range of ip for web vpn pool (other than 192.168.0.0 range) and exclude that range from nat using the nat 0 command with a an access-list permitting traffic from 192.168.0.0 255.255.255.0 x.x.x.x 255.255.255.0.

Thank you,

Shijo

bobsills · ‎06-22-2009

Seems like I am still missing somethings. I made the changes as both you and andrer recommended but I am still getting the following in the syslogs when I try to connect to something:

3 Jun 22 2009 20:32:03 305005 192.168.0.10 No translation group found for icmp src outside:192.168.1.230 dst inside:192.168.0.10 (type 8, code 0)

I know I am missing something simple but not seeing it yet.

Thanks,

-Bob

andrew.prince · ‎06-22-2009

Change Your no-nat to:-

access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0

bobsills · ‎06-23-2009

yes, that did the trick.

Thanks

andrew.prince · ‎06-24-2009

np - glad to help.