
VPN connection

CSCO10320953
Level 1

I am able to access remote access VPN. After logging in to the VPN connection, I am unable to access the inside network.

5 Replies 5

hunnetvl01
Level 1

Post your routing and access-list + NAT

Vlad

Tshi M
Level 5

Is split tunneling enabled on the firewall?

Maybe it's a NAT exemption issue. Maybe you need to add the NAT 0 command...

Hi All,

interface GigabitEthernet0/0
 nameif Outside
 security-level 0
 ip address x.x.x.x 255.255.255.248
interface GigabitEthernet0/1
 description Internet
 nameif Inside
 security-level 100
 ip address x.x.x.x 255.255.255.248
interface Management0/0
 nameif management
 security-level 100
 ip address 10.0.x.x 255.x.x.0
access-list Inside_mpc remark Trafiic for CSC Scan
access-list Inside_mpc extended permit tcp object-group DM_INLINE_NETWORK_1 any eq www
access-list Inside_access_in extended permit ip any any log critical
access-list outacc extended permit icmp any any log critical
access-list outacc extended permit object-group DM_INLINE_SERVICE_6 any any log critical
access-list Inside_mpc_2 extended permit tcp object-group DM_INLINE_NETWORK_2 any eq www
access-list Cisco_splitTunnelAcl standard permit x.x.x.x 255.255.255.248
access-list Inside_nat0_outbound extended permit x.x.x.x 255.255.255.248 x.x.x.0 255.255.255.0
access-list Inside_nat0_outbound extended permit x.x.x.x 255.255.255.248 220.220.220.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip any x.x.x.x 255.255.255.224
access-list Inside_nat0_outbound extended permit ip any x.x.x.x 255.255.255.0
access-list Inside_mpc_3 remark csc
access-list aba_splitTunnelAcl standard permit x.x.x.x 255.255.255.248
access-list management_splitTunnelAcl standard permit x.x.x.x 255.255.252.0
access-list Outside_access_in remark For vpn connection
access-list Outside_access_in extended permit object-group DM_INLINE_SERVICE_7 any any log notifications
ip local pool abavpnpool x.x.x.x-x.x.x.x mask 255.255.252.0
ip local pool testpool x.x.x.x-x.x.x.x mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
nat-control
global (Outside) 1 x.x.x.x
nat (Inside) 0 access-list Inside_nat0_outbound
nat (Inside) 1 0.0.0.0 0.0.0.0
access-group outacc in interface Outside
access-group Inside_access_in_1 in interface Inside
route Outside 0.0.0.0 0.0.0.0 x.x.x.x
route Inside x.x.x.x 255.255.252.0 x.x.x.x 1
vpn-group-policy abavpn
tunnel-group abavpn type remote-access
tunnel-group abavpn general-attributes
 address-pool abavpnpool
 default-group-policy abavpn
tunnel-group abavpn ipsec-attributes
 pre-shared-key *
tunnel-group test type remote-access
tunnel-group test general-attributes
 address-pool testpool
 default-group-policy test
tunnel-group test ipsec-attributes
 pre-shared-ke

Hi,

I believe that you need to define a group-policy that will use the defined split tunnel.

group-policy test internal
group-policy test attributes
 dns-server value x.x.x.x
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Cisco_splitTunnelAcl
 default-domain value xxx.com
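
Added example, not part of any reply in this thread and not Cisco code: a small Python check that a saved ASA configuration actually defines every access-list and group-policy named by its access-group, nat 0, split-tunnel-network-list and default-group-policy lines. The sample configuration is constructed in the style of the one posted above and uses documentation address ranges; the function and variable names are hypothetical.

```python
import re

# Constructed sample in the style of the config posted in the thread.
# Addresses are documentation ranges, not values from the page.
SAMPLE = """\
access-list Inside_access_in extended permit ip any any
access-list Cisco_splitTunnelAcl standard permit 192.0.2.0 255.255.255.248
access-list Inside_nat0_outbound extended permit ip any 198.51.100.0 255.255.255.0
nat (Inside) 0 access-list Inside_nat0_outbound
access-group Inside_access_in_1 in interface Inside
group-policy test internal
group-policy test attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Cisco_splitTunnelAcl
tunnel-group test general-attributes
 default-group-policy test
tunnel-group abavpn general-attributes
 default-group-policy abavpn
"""

# Commands that define a named object: (regex, kind of object)
DEFINITIONS = [
    (r"access-list (\S+) ", "access-list"),
    (r"group-policy (\S+) (?:internal|external)", "group-policy"),
]
# Commands that refer to a named object: (regex, kind of object referenced)
REFERENCES = [
    (r"access-group (\S+) in interface", "access-list"),
    (r"nat \(\S+\) 0 access-list (\S+)", "access-list"),
    (r"split-tunnel-network-list value (\S+)", "access-list"),
    (r"default-group-policy (\S+)", "group-policy"),
]

def find_dangling(config):
    """Return sorted (kind, name) pairs that are referenced but never defined."""
    defined, referenced = set(), set()
    for raw in config.splitlines():
        line = raw.strip()  # sub-commands are indented in ASA output
        for table, bucket in ((DEFINITIONS, defined), (REFERENCES, referenced)):
            for pattern, kind in table:
                m = re.match(pattern, line)
                if m:
                    bucket.add((kind, m.group(1)))
    return sorted(referenced - defined)

if __name__ == "__main__":
    for kind, name in find_dangling(SAMPLE):
        print(f"{kind} '{name}' is referenced but not defined")
```

Run it against the full saved configuration rather than an excerpt, since a definition that was simply left out of a paste would be reported as missing.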
