
remote access vpn ip pool cannot access vlan

We have an IP pool allocated on the firewall (ASA 5520) for remote access VPN. VPN users can access all internal resources with the exception of the following segments:

192.168.200.0/24

There are no ACLs on the VLAN interface to block this traffic; the problem appears to be on the firewall. Here's all the nonat I have for the IP pool segment (10.20.50.0/24):

access-list inside_nat0_outbound extended permit ip 10.0.0.0 255.0.0.0 10.20.50.0 255.255.255.0

access-list inside_nat0_outbound extended permit ip 10.20.99.0 255.255.255.0 10.20.50.0 255.255.255.0

access-list inside_nat0_outbound extended permit ip any 10.20.50.0 255.255.255.0

access-list inside_nat0_outbound extended permit ip 192.168.4.0 255.255.255.0 10.20.50.0 255.255.255.0

access-list inside_nat0_outbound extended permit ip 192.168.200.0 255.255.255.0 10.20.50.0 255.255.255.0

Again, the routing is not the problem.

1 REPLY

Re: remote access vpn ip pool cannot access vlan

What does the ASDM real-time log tell you?

What interfaces on the ASA are these networks coming from?

10.20.99.0/24

192.168.4.0/24

192.168.200.0/24

What do your ASA NAT statements look like in reference to these NAT exempt ACLs? Posting a sanitized config and some logs will help us in giving clues to what the problem could be.

Regards
