Cisco Support Community

New Member

VPN connection

I am able to access the remote access VPN. After logging in to the VPN connection, I am unable to access the inside network.

5 REPLIES
New Member

Re: VPN connection

Post your routing and access-list + NAT

Vlad

Bronze

Re: VPN connection

Is split tunneling enabled on the firewall?

Cisco Employee

Re: VPN connection

Maybe it's a NAT exemption issue. Maybe you need to add the NAT 0 command...

New Member

Re: VPN connection

Hi All,

interface GigabitEthernet0/0
 nameif Outside
 security-level 0
 ip address x.x.x.x 255.255.255.248
interface GigabitEthernet0/1
 description Internet
 nameif Inside
 security-level 100
 ip address x.x.x.x 255.255.255.248
interface Management0/0
 nameif management
 security-level 100
 ip address 10.0.x.x 255.x.x.0
access-list Inside_mpc remark Trafiic for CSC Scan
access-list Inside_mpc extended permit tcp object-group DM_INLINE_NETWORK_1 any eq www
access-list Inside_access_in extended permit ip any any log critical
access-list outacc extended permit icmp any any log critical
access-list outacc extended permit object-group DM_INLINE_SERVICE_6 any any log critical
access-list Inside_mpc_2 extended permit tcp object-group DM_INLINE_NETWORK_2 any eq www
access-list Cisco_splitTunnelAcl standard permit x.x.x.x 255.255.255.248
access-list Inside_nat0_outbound extended permit x.x.x.x 255.255.255.248 x.x.x.0 255.255.255.0
access-list Inside_nat0_outbound extended permit x.x.x.x 255.255.255.248 220.220.220.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip any x.x.x.x 255.255.255.224
access-list Inside_nat0_outbound extended permit ip any x.x.x.x 255.255.255.0
access-list Inside_mpc_3 remark csc
access-list aba_splitTunnelAcl standard permit x.x.x.x 255.255.255.248
access-list management_splitTunnelAcl standard permit x.x.x.x 255.255.252.0
access-list Outside_access_in remark For vpn connection
access-list Outside_access_in extended permit object-group DM_INLINE_SERVICE_7 any any log notifications
ip local pool abavpnpool x.x.x.x-x.x.x.x mask 255.255.252.0
ip local pool testpool x.x.x.x-x.x.x.x mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
nat-control
global (Outside) 1 x.x.x.x
nat (Inside) 0 access-list Inside_nat0_outbound
nat (Inside) 1 0.0.0.0 0.0.0.0
access-group outacc in interface Outside
access-group Inside_access_in_1 in interface Inside
route Outside 0.0.0.0 0.0.0.0 x.x.x.x
route Inside x.x.x.x 255.255.252.0 x.x.x.x 1
vpn-group-policy abavpn
tunnel-group abavpn type remote-access
tunnel-group abavpn general-attributes
 address-pool abavpnpool
 default-group-policy abavpn
tunnel-group abavpn ipsec-attributes
 pre-shared-key *
tunnel-group test type remote-access
tunnel-group test general-attributes
 address-pool testpool
 default-group-policy test
tunnel-group test ipsec-attributes
 pre-shared-ke

Bronze

Re: VPN connection

Hi,

I believe that you need to define a group-policy that will use the defined split tunnel.

group-policy test internal
group-policy test attributes
 dns-server value x.x.x.x
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Cisco_splitTunnelAcl
 default-domain value xxx.com
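The replies above all come down to objects that the remote-access VPN configuration refers to (group policies, split-tunnel and NAT 0 ACLs, address pools). The following is an added example, not code from any poster or from Cisco: a small offline check that lists references to names that are never defined in an ASA-style configuration. The sample config is constructed, using object names from this thread with documentation-range addresses, and the function name `dangling_references` is hypothetical.

```python
import re

# Constructed sample: object names follow the thread, addresses are documentation ranges.
SAMPLE = """\
access-list Inside_access_in extended permit ip any any
access-list Inside_nat0_outbound extended permit ip any 192.0.2.0 255.255.255.0
access-list Cisco_splitTunnelAcl standard permit 198.51.100.0 255.255.255.248
ip local pool testpool 192.0.2.10-192.0.2.50 mask 255.255.255.0
nat (Inside) 0 access-list Inside_nat0_outbound
access-group Inside_access_in_1 in interface Inside
tunnel-group test type remote-access
tunnel-group test general-attributes
 address-pool testpool
 default-group-policy test
"""

# Commands that define a named object: (pattern, kind of object).
DEFINES = [
    (r"access-list (\S+) ", "access-list"),
    (r"ip local pool (\S+) ", "pool"),
    (r"group-policy (\S+) (?:internal|external)", "group-policy"),
]
# Commands that refer to a named object defined elsewhere.
REFERS = [
    (r"access-group (\S+) (?:in|out) interface", "access-list"),
    (r"nat \(\S+\) 0 access-list (\S+)", "access-list"),
    (r"split-tunnel-network-list value (\S+)", "access-list"),
    (r"address-pool (\S+)", "pool"),
    (r"default-group-policy (\S+)", "group-policy"),
]

def dangling_references(config):
    """Return (line number, kind, name) for each reference to an undefined object."""
    lines = [line.strip() for line in config.splitlines()]
    defined = {("group-policy", "DfltGrpPolicy")}  # built-in default policy
    for line in lines:
        for pattern, kind in DEFINES:
            m = re.match(pattern, line)
            if m:
                defined.add((kind, m.group(1)))
    findings = []
    for lineno, line in enumerate(lines, 1):
        for pattern, kind in REFERS:
            m = re.match(pattern, line)
            if m and (kind, m.group(1)) not in defined:
                findings.append((lineno, kind, m.group(1)))
    return findings

if __name__ == "__main__":
    for lineno, kind, name in dangling_references(SAMPLE):
        print(f"line {lineno}: {kind} '{name}' is referenced but not defined")
```

A finding only means the name is absent from the text that was checked, so run it against the full `show running-config` output rather than an excerpt.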
