I have configured a remote access VPN on my Firewall ASA5510. Everything worked fine and I can successfully connect through the VPN. The problem is I cannot ping or connect to any of my internal network resources. I tried to add a new NAT route from outside to my internal servers using the defined pool, but due to a new ASA version there are many changes I see in the NAT routes and I cannot understand how to resolve this problem.
Could someone help me with this please? It's urgent.
Added the NAT route using the below video, but still I cannot connect to internal resources:
Main issue is that we don't know what NAT configuration is already in place. What you can do is the following, and let us know if it works.
object network INSIDE-LAN
subnet x.x.x.x x.x.x.x
object network VPN-POOL
subnet y.y.y.y y.y.y.y
nat (inside,outside) 1 source static INSIDE-LAN INSIDE-LAN destination static VPN-POOL VPN-POOL
Note the number 1: it will put this NAT statement first on the NAT list, to avoid any other NAT messing with this specific traffic.
Try it out and let us know.
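To show why the position-1 detail matters, here is an added Python model (not ASA code and not the poster's configuration) of first-match evaluation in the manual NAT section: if a dynamic PAT rule sits ahead of the identity rule, return traffic from an inside server to a VPN client is rewritten to the outside address and the VPN session breaks. The subnets and the PAT address are constructed, since the thread masks the real ones.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample values standing in for the thread's x.x.x.x / y.y.y.y.
INSIDE_LAN = ipaddress.ip_network("10.1.0.0/16")
VPN_POOL = ipaddress.ip_network("192.168.100.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")


@dataclass
class TwiceNat:
    """One manual (twice) NAT line; section 1 of the ASA NAT table is first-match."""
    name: str
    src_match: ipaddress.IPv4Network
    dst_match: ipaddress.IPv4Network
    identity: bool                      # "static X X": keep the real source address
    pat_address: Optional[str] = None   # dynamic PAT: rewrite the source to this


def first_match(rules: List[TwiceNat], src: str, dst: str) -> Optional[TwiceNat]:
    """Return the first rule whose source/destination objects contain the flow."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if s in rule.src_match and d in rule.dst_match:
            return rule
    return None


def translated_source(rules: List[TwiceNat], src: str, dst: str) -> str:
    """Source address the destination will see after the matching rule is applied."""
    rule = first_match(rules, src, dst)
    if rule is None or rule.identity:
        return src
    return rule.pat_address


# The NAT exemption from the answer above, plus a typical outbound PAT rule.
EXEMPT = TwiceNat("vpn-exempt", INSIDE_LAN, VPN_POOL, identity=True)
PAT = TwiceNat("internet-pat", INSIDE_LAN, ANY, identity=False, pat_address="203.0.113.1")


def server_address_seen_by_vpn_client(rules: List[TwiceNat]) -> str:
    """Reply from inside server 10.1.0.5 to VPN client 192.168.100.7 (constructed hosts)."""
    return translated_source(rules, "10.1.0.5", "192.168.100.7")


if __name__ == "__main__":
    print("exemption first:", server_address_seen_by_vpn_client([EXEMPT, PAT]))
    print("PAT first:      ", server_address_seen_by_vpn_client([PAT, EXEMPT]))
```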
This is the NAT which I have created earlier:
nat (inside,any) source static any any destination static QIB-VPN QIB-VPN
When I run the Packet Tracer on this specific NAT route, the packet drops and it recommends creating an access rule in the access list table.
Can you change it to be outside instead of any? Also, can you make sure that it is first on the list of NATs? If possible, paste your Packet Tracer output without the IPs once you complete these changes...
I changed the rule from any to outside. Packet Tracer is giving the below results:
RESULT - The packet is dropped.
Info: (acl-drop) Flow is denied by configuration rule.
If you go to "Show rule in access rules", does it take you to the NAT section or the ACL section? Is the inside security level 100 and outside less than 100?