Cisco Support Community

New Member

remote VPN client cannot access LAN.

Hi All,

I am using an ASA5520 8.0(2) and my VPN client can establish a connection with the firewall. When I tried to ping from my VPN client to inside LAN servers, the traffic did reach the LAN servers.

However, the problem is that the return traffic is never delivered to the VPN client and gets a "teardown".

Here are my current configuration files. Any comment is appreciated.

4 REPLIES
Cisco Employee

Re: remote VPN client cannot access LAN.

The issue could be the Pool from which the IP Addresses are assigned to the clients.

Is it possible to reconfigure the VPNClientIPs pool to use a different set of IP addresses than the ones that are part of your LAN and see if it works?

Example:

1. Assign 172.16.1.x/24 for the VPN Clients.

2. Include 172.16.1.x/24 in the NAT 0 Command to bypass NAT.

3. Make sure that your internal routing knows that they need to send the traffic back to the ASA to reach 172.16.1.x/24.

Regards,

Arul

New Member

Re: remote VPN client cannot access LAN.

Thanks for replying, Arul.

The issue is that the VPN traffic has reached the internal server, and the reply traffic has reached the firewall, and then it gets torn down.

It seems inside the firewall, it doesn't realize the IP is a VPN client IP address.

But when I checked ARP table, it did show the connection IP for the VPN Client.

Any thoughts on that?

BTW, I used the same settings just the other day and everything worked fine. It just stopped working today, and I don't remember modifying anything that could cause such a result.

Cisco Employee

Re: remote VPN client cannot access LAN.

Is it possible for you to change the pool of IP addresses to something other than your internal network? Based upon your symptoms, it looks like the ASA is getting the return traffic and simply drops the packet because it has an inside IP address that falls within the 10.0.0.x/24 range.

Try changing the pool to a different subnet, reconfigure the NAT 0, make sure that the internal networks know that they need to send the traffic back to the ASA for the VPN Client Pool and give it a shot. Let me know how it goes.

Regards,

Arul
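
The three steps suggested above, written out as an added configuration example (not posted by anyone in this thread). It assumes pre-8.3 ASA syntax as used by 8.0(2), an interface named `inside`, and the 10.0.0.0/24 inside LAN mentioned in the reply; the pool name `VPNPool-172`, the ACL name `NONAT`, and the bracketed values are hypothetical placeholders.

```cisco
! --- On the ASA ---------------------------------------------------------
! Step 1: a client pool that does not overlap the inside LAN (10.0.0.0/24).
ip local pool VPNPool-172 172.16.1.1-172.16.1.254 mask 255.255.255.0

! Point the remote-access tunnel group at the new pool and remove the
! reference to the old, overlapping one.
tunnel-group <TUNNEL-GROUP-NAME> general-attributes
 no address-pool VPNClientIPs
 address-pool VPNPool-172

! Step 2: exempt LAN-to-pool traffic from NAT.
! Only one "nat 0 access-list" can be bound per interface: if one is
! already configured, add the permit line to that ACL instead of NONAT.
access-list NONAT extended permit ip 10.0.0.0 255.255.255.0 172.16.1.0 255.255.255.0
nat (inside) 0 access-list NONAT

! --- On the internal router / L3 switch (IOS syntax) ---------------------
! Step 3: send replies for the pool back to the ASA inside interface.
! Not needed on hosts whose default gateway is already the ASA.
ip route 172.16.1.0 255.255.255.0 <ASA-INSIDE-IP>

! --- Checks on the ASA ---------------------------------------------------
! Confirm the exemption and the pool are what you expect.
show running-config nat
show running-config ip local pool

! Simulate the return packet (ICMP echo-reply, type 0 code 0) from a LAN
! server to a connected client and see which phase drops it.
! <SERVER-IP> and <CLIENT-POOL-IP> are placeholders.
packet-tracer input inside icmp <SERVER-IP> 0 0 <CLIENT-POOL-IP> detailed

! With a client connected, verify decaps/encaps counters both increase;
! encaps stuck at 0 means replies are not being matched to the tunnel.
show crypto ipsec sa
```

Existing client sessions keep their old address, so disconnect and reconnect the VPN client before testing.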

New Member

Re: remote VPN client cannot access LAN.

I tried that, still the same result.
