Cisco Support Community

ASA5505: WebVPN not working after adding second vlan

Hey Guys,

I have added a second vlan on our ASA5505 for the wireless network (yes, I know it's not a router) and now webvpn has stopped working. Basically what happens is the ASA tries to unnat the request (which I think it shouldn't) and, because of a static entry I seem to be unable to remove, it resolves to the wrong network.

unnatting cisco asa.png

The rule is

static (wireless,outside) interface gw_wireless netmask 255.255.255.255 dns

The acl entry for the webvpn port is:

access-list outside_access_in extended permit tcp any host outside_ip object-group custom_webvpn log debugging 

webvpn
 port 444
 enable outside
 dtls port 444

I hope you can help me with my problem, if I need to give any more details please let me know...

Thanks,

John

1 ACCEPTED SOLUTION

Hi John,

You need to remove that static NAT entry.

What it does is statically nat everything coming to the outside interface to 0.0.0.0 on the wireless interface and that doesn't make sense.

ciscoasa(config)# static (inside,outside) interface 0.0.0.0 netmask 255.255.255.255 dns
WARNING: static redireting all traffics at outside interface;
WARNING: all services terminating at outside interface are disabled.

What was intended with that static statement?

Patrick

Hi Patrick,

Thanks for your response, I figured as much.. Ended up resetting it to factory defaults and rebuilding the configuration from there. Couldn't for the life of me get that entry out.

As for the intention, not a clue, I wonder how it came in as well..

Anyway, it's back working again now, so thanks a lot!

John

ASA5505: WebVPN not working after adding second vlan

Hello John,

Agree with Patrick (kudos to you).

What you need, instead of performing a one-to-one translation for the wireless router, is port forwarding. I guess you are looking to manage the device remotely, so do the following:

static (inside,outside) tcp interface 443 gw_wireless 443

access-list out_in permit tcp any host interface_ip_address eq 443

Rate all of the helpful posts!!!

Regards,

Jcarvaja

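A config check for the problem discussed in this thread, as an added example that is not part of the original posts: it flags a pre-8.3 one-to-one "static ... interface" translation on an interface where WebVPN is enabled, and lets a port forward like the one suggested above pass unless it uses the WebVPN port. The function names and the sample config are constructed for illustration, and a WebVPN port of 443 is assumed when the webvpn block has no "port" line.

```python
import re

# Pre-8.3 syntax: static (real_if,mapped_if) [tcp|udp] interface ...; no protocol = one-to-one NAT.
STATIC_RE = re.compile(
    r"static \((?P<real_if>[^,\s]+),(?P<mapped_if>[^)\s]+)\)\s+"
    r"(?:(?P<proto>tcp|udp)\s+)?interface\s+(?P<rest>\S.*)"
)

def webvpn_listeners(lines):
    """Map interface -> port for every 'enable <if>' in the global webvpn block."""
    enabled, port, in_block = [], "443", False  # assumed default port when unset
    for line in lines:
        words = line.split()
        if words and not line.startswith(" "):   # a top-level command opens or closes the block
            in_block = words == ["webvpn"]
        elif in_block and len(words) == 2 and words[0] == "port":
            port = words[1]
        elif in_block and len(words) == 2 and words[0] == "enable":
            enabled.append(words[1])
    return {iface: port for iface in enabled}

def audit(config_text):
    """Return (severity, command, reason) tuples for statics mapped to an interface address."""
    lines = config_text.splitlines()
    vpn = webvpn_listeners(lines)
    findings = []
    for line in lines:
        m = STATIC_RE.fullmatch(line.strip())
        if not m:
            continue
        iface, cmd = m["mapped_if"], line.strip()
        if m["proto"] is None:                   # one-to-one NAT on the interface address
            reason = f"redirects all traffic arriving at {iface}"
            if iface in vpn:
                reason += f"; services terminating there (WebVPN, port {vpn[iface]}) are disabled"
            findings.append(("high", cmd, reason))
        elif vpn.get(iface) == m["rest"].split()[0]:  # port forward on the WebVPN port
            findings.append(("review", cmd, f"forwards a port also used by WebVPN on {iface}"))
    return findings

# Constructed sample in running-config layout (sub-commands indented by one space).
SAMPLE = """\
static (wireless,outside) interface gw_wireless netmask 255.255.255.255 dns
static (wireless,outside) tcp interface 443 gw_wireless 443 netmask 255.255.255.255
webvpn
 port 444
 enable outside
"""

print(*audit(SAMPLE), sep="\n")
```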