Community Member

Remote access vpn in ASA 5505

Hi,

We have a LAN-to-LAN VPN from our office to the head office in the US. We have servers in the US located in the DMZ, i.e. database and web hosting. We have also enabled remote access VPN for our clients who want to access these servers. When they are connected to the remote access VPN, their local LAN gets disconnected. I tested from our office and got the same issue using the remote access VPN. I am attaching the configuration file of the firewall in the US.

Accepted Solutions
Community Member

Re: Remote access vpn in ASA 5505

Just remove the existing one and add the following:

1. access-list testingKowa_splitTunnelAcl extended permit ip (your server ip and mask) 192.168.1.0 255.255.255.0

2. Call this ACL in your active group policy:

split-tunnel-policy tunnelspecified

split-tunnel-network-list value testingKowa_splitTunnelAcl

3. group-policy CiscoASA attributes

no dns-server value 202.138.96.2 202.138.96.100

10 REPLIES

Re: Remote access vpn in ASA 5505

Community Member

Re: Remote access vpn in ASA 5505

Hi Jorge,

First, thanks.

I am able to access the local LAN, i.e. printing, using the link you gave,

but I am not able to access the internet. I think that to go to the internet it does not understand which default gateway it should use.

I want both to work.

Please find the latest FW configuration.

Community Member

Re: Remote access vpn in ASA 5505

Dear,

1. Just remove "any" from your split tunnel ACL, specify your secure networks instead, and then call it in the group policy with the tunnelspecified option.

2. Remove dns-server value 202.138.96.2 202.138.96.100.

Regards,

Community Member

Re: Remote access vpn in ASA 5505

Hi,

Can you please explain in brief? I am not getting it.


Community Member

Re: Remote access vpn in ASA 5505

Local LAN IP: 192.168.130.0/24

VPN pool IP: 192.168.1.0/24

Will there be any impact if I use no dns-server value 202.138.96.2 202.138.96.100?

Because I am accessing the FW through the L2L VPN.

Community Member

Re: Remote access vpn in ASA 5505

OK, just do it without removing DNS.

Community Member

Re: Remote access vpn in ASA 5505

I tried; the internet is working but my local LAN is not working. I want both to work simultaneously.

Community Member

Re: Remote access vpn in ASA 5505

Please find the testing snapshot.

I think under secured routes I should get 192.168.1.0/24 and under local LAN access 192.168.130.0/24; then both might work.

Community Member

Re: Remote access vpn in ASA 5505

Hi,

My problem got resolved, and thanks to all who supported me in fixing this. Below are the changes I made:

1. access-list Bangalore-Lan standard permit 0.0.0.0 255.0.0.0

2. I didn't remove the DNS settings
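The replies above advise removing "any" from the split-tunnel ACL and calling that ACL from the group policy with tunnelspecified. The following check for that condition over an ASA configuration is an added example, not posted by anyone in this thread; it also flags a tunnelspecified policy with no network list. The function names, the sample configuration, the 10.10.10.0/24 server subnet and the OldPolicy, NoList and broad_splitTunnelAcl names are assumptions made for illustration.

```python
import re

# Constructed sample, not the poster's attached config. 10.10.10.0/24 is a
# placeholder for "(your server ip and mask)"; OldPolicy and NoList are made up.
SAMPLE = """\
access-list broad_splitTunnelAcl extended permit ip any 192.168.1.0 255.255.255.0
access-list testingKowa_splitTunnelAcl extended permit ip 10.10.10.0 255.255.255.0 192.168.1.0 255.255.255.0
group-policy CiscoASA attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value testingKowa_splitTunnelAcl
group-policy OldPolicy attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value broad_splitTunnelAcl
group-policy NoList attributes
 split-tunnel-policy tunnelspecified
"""

ACL_RE = re.compile(r"access-list (\S+) (?:standard permit|extended permit \S+) (\S+) ?(\S*)")

def acl_sources(config):
    """Map ACL name -> source of each permit entry ('any', 'host ip' or 'ip mask')."""
    acls = {}
    for line in config.splitlines():
        m = ACL_RE.match(line)
        if m:
            name, a, b = m.groups()
            wide = a in ("any", "any4") or (a, b) == ("0.0.0.0", "0.0.0.0")
            acls.setdefault(name, []).append("any" if wide else f"{a} {b}".strip())
    return acls

def audit_split_tunnel(config):
    """Return (group_policy, problem) for every tunnelspecified policy that is too broad."""
    acls, policies, cur = acl_sources(config), {}, None
    for line in config.splitlines():
        m = re.match(r"group-policy (\S+) attributes", line)
        if m:
            cur = policies.setdefault(m.group(1), {})
        elif not line.startswith(" "):
            cur = None  # left the group-policy block
        elif cur is not None and len(line.split()) >= 2:
            cur[line.split()[0]] = line.split()[-1]  # attribute name -> last word
    findings = []
    for name, gp in policies.items():
        acl = gp.get("split-tunnel-network-list")
        if gp.get("split-tunnel-policy") != "tunnelspecified":
            continue
        if acl not in acls:
            findings.append((name, "no network list defined"))
        elif "any" in acls[acl]:
            findings.append((name, f"{acl} permits any"))
    return findings
```

Calling `audit_split_tunnel(SAMPLE)` reports OldPolicy and NoList and leaves CiscoASA, which follows the accepted solution, unflagged.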
