Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
444
Views
0
Helpful
1
Replies

vpn problem with asa ver 7.2

Go to solution
giovanni.cock
Level 1
Level 1

‎08-15-2008 04:02 PM - edited ‎03-11-2019 06:31 AM

hi,i am new in the security world, so i having connectivity problems from the vpn clients to the internal lan, when a remote vpn client connects with the asa, the vpn works fine, but the vpn clien is not able to ping any inside host , and the remote vpn client stops to navigate in internet, but it has internet....what could happen?

thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marwan ALshawi
VIP Alumni
VIP Alumni

‎08-15-2008 06:04 PM

hi

u have to stages to resolve ur problems

u said the client is connected and geting ip address but unable to comunicat or ping this ca be solved by nat exmption or nat 0

for example

if u r local LAN network is 192.168.1.0 /24

and the vpn clients pool ip addresses is 172.16.1.0 /24

then do the following

access-list 100 permit ip 192.168.1.0 255.255.255.0 172.16.1.0 255.255.255.0

nat (inside) 0 access-list 100

now they will be able to ping

about the second issue which is the internet browsing this can be sovled wiht feature called siplet tunneling

in this feature u gonna let the client to sed traffic only to ur LAN behind the firewall as tunneled traffic anything els will go based on user local machine setting

first creat ACL for the split tunling

assuming ur LAN is 192.168.1.0

access-list split standard permit 192.168.1.0 255.255.255.0

group-policy [ ur gorup policy name] internal

group-policy [ur gorup policy name] attributes

split-tunnel-policy tunnelspecified

split-tunnel-network-list value split

and the folowing example for refrence

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080702992.shtml

good luck

please, if helpful rate

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Marwan ALshawi
VIP Alumni
VIP Alumni

‎08-15-2008 06:04 PM

hi

u have to stages to resolve ur problems

u said the client is connected and geting ip address but unable to comunicat or ping this ca be solved by nat exmption or nat 0

for example

if u r local LAN network is 192.168.1.0 /24

and the vpn clients pool ip addresses is 172.16.1.0 /24

then do the following

access-list 100 permit ip 192.168.1.0 255.255.255.0 172.16.1.0 255.255.255.0

nat (inside) 0 access-list 100

now they will be able to ping

about the second issue which is the internet browsing this can be sovled wiht feature called siplet tunneling

in this feature u gonna let the client to sed traffic only to ur LAN behind the firewall as tunneled traffic anything els will go based on user local machine setting

first creat ACL for the split tunling

assuming ur LAN is 192.168.1.0

access-list split standard permit 192.168.1.0 255.255.255.0

group-policy [ ur gorup policy name] internal

group-policy [ur gorup policy name] attributes

split-tunnel-policy tunnelspecified

split-tunnel-network-list value split

and the folowing example for refrence

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080702992.shtml

good luck

please, if helpful rate

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card