VPN access

dvanhaaren
Level 1

I have an ASA5510 running ios 7.2(2). When a client VPN is established, they are not able to access any server that does not have a static translation built. Is it necessary to build static translations for every server that needs to be accessed, or is there a simpler way of doing this? I've tried the sysopt command and building a vpn-filter under the policy setting; neither seems to help. Any suggestions would be appreciated.

5 Replies

srue
Level 7

Which sysopt command? permit-vpn?

Do your crypto ACLs allow the communication to said servers? Are you using split tunneling?

Can you post a partial config?

sysopt connection permit-vpn is the command I used.

This is a client to ASA VPN with no split tunneling.

The ACLs I tried were allowing all traffic from the tunnel-group to the server network.

access-list 10 remark verizonVPN
access-list 10 extended permit ip any 10.3.0.0 255.255.0.0
access-list 10 extended permit ip any 10.2.0.0 255.255.0.0

__________

group-policy verizon attributes
 dns-server value 10.3.1.48 207.78.40.49
 vpn-simultaneous-logins 10
 default-domain value QDINC.net
 vpn-filter value 10

________

tunnel-group verizon type ipsec-ra
tunnel-group verizon general-attributes
 address-pool qdi
 authentication-server-group TACACS+ LOCAL
 default-group-policy verizon
tunnel-group verizon ipsec-attributes
 pre-shared-key *

access-list nat0_acl extended permit ip 10.3.0.0 255.255.0.0 remoteaccess_pool
access-list nat0_acl extended permit ip 10.2.0.0 255.255.0.0 remoteaccess_pool
nat (inside) 0 access-list nat0_acl

substitute 'remoteaccess_pool' with whatever the IP range is of your actual pool
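A fuller version of the NAT-exemption configuration above together with the commands to verify it took effect, added here as an example and not taken from any post in this thread. The pool subnet 192.168.200.0/24, the pool name qdi being the one referenced by the tunnel-group, and the sample server/client addresses in the trace are assumptions; the inside networks 10.3.0.0/16 and 10.2.0.0/16 come from the thread.

```text
! Added example (not from the thread). Assumed pool subnet: 192.168.200.0/24.
ip local pool qdi 192.168.200.1-192.168.200.254 mask 255.255.255.0

! NAT exemption (identity NAT): inside networks <-> VPN pool bypass the
! dynamic/static translations, so no per-server static is needed.
access-list nat0_acl extended permit ip 10.3.0.0 255.255.0.0 192.168.200.0 255.255.255.0
access-list nat0_acl extended permit ip 10.2.0.0 255.255.0.0 192.168.200.0 255.255.255.0
nat (inside) 0 access-list nat0_acl

! Verification: hit counts on nat0_acl should increment as clients reach servers.
show access-list nat0_acl

! Trace a reply from an inside server (assumed 10.3.1.48, the DNS server in the
! posted group-policy) back to an assumed client pool address; the NAT phase
! should show the nat 0 exemption and the result should be ALLOW.
packet-tracer input inside tcp 10.3.1.48 53 192.168.200.10 40000
```

If the trace fails in the NAT phase, the exempt ACL does not match the pool range, which is the same symptom the original question describes.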

That seems to have worked.

I thank you kind sir.

David

you're welcome...and thanks for the rating.
