Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN connection

I am able to access remote access vpn.After logging vpn connection,I am unable to access inside the nework.

New Member

Re: VPN connection

Post your routing and access-list + NAT



Re: VPN connection

is split tunneling enabled on the firewall?

Cisco Employee

Re: VPN connection

maybe it's NAT exepltion issue. maybe you need to add NAT 0 command...

New Member

Re: VPN connection

Hi All,

interface GigabitEthernet0/0

nameif Outside

security-level 0

ip address x.x.x.x

interface GigabitEthernet0/1

description Internet

nameif Inside

security-level 100

ip address x.x.x.x

interface Management0/0

nameif management

security-level 100

ip address 10.0.x.x 255.x.x.0

access-list Inside_mpc remark Trafiic for CSC Scan

access-list Inside_mpc extended permit tcp object-group DM_INLINE_NETWORK_1 any eq www

access-list Inside_access_in extended permit ip any any log critical

access-list outacc extended permit icmp any any log critical

access-list outacc extended permit object-group DM_INLINE_SERVICE_6 any any log critical

access-list Inside_mpc_2 extended permit tcp object-group DM_INLINE_NETWORK_2 any eq www

access-list Cisco_splitTunnelAcl standard permit x.x.x.x

access-list Inside_nat0_outbound extended permit x.x.x.x x.x.x.0

access-list Inside_nat0_outbound extended permit x.x.x.x

access-list Inside_nat0_outbound extended permit ip any x.x.x.x

access-list Inside_nat0_outbound extended permit ip any x.x.x.x

access-list Inside_mpc_3 remark csc

access-list aba_splitTunnelAcl standard permit x.x.x.x

access-list management_splitTunnelAcl standard permit x.x.x.x

access-list Outside_access_in remark For vpn connection

access-list Outside_access_in extended permit object-group DM_INLINE_SERVICE_7 any any log notifications

ip local pool abavpnpool x.x.x.x-x.x.x.x mask

ip local pool testpool x.x.x.x-x.x.x.x mask

no failover

icmp unreachable rate-limit 1 burst-size 1


global (Outside) 1 x.x.x.x

nat (Inside) 0 access-list Inside_nat0_outbound

nat (Inside) 1

access-group outacc in interface Outside

access-group Inside_access_in_1 in interface Inside

route Outside x.x.x.x

route Inside x.x.x.x x.x.x.x 1

vpn-group-policy abavpn

tunnel-group abavpn type remote-access

tunnel-group abavpn general-attributes

address-pool abavpnpool

default-group-policy abavpn

tunnel-group abavpn ipsec-attributes

pre-shared-key *

tunnel-group test type remote-access

tunnel-group test general-attributes

address-pool testpool

default-group-policy test

tunnel-group test ipsec-attributes



Re: VPN connection


I believe that you need to define a group-policy that will use the defined split tunnel.

group-policy test internal

group-policy test attributes

dns-server value x.x.x.x

vpn-tunnel-protocol IPSec

split-tunnel-policy tunnelspecified

split-tunnel-network-list value Cisco_splitTunnelAcl

default-domain value

CreatePlease to create content