Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

ASA 5510 VPN, no internet

Thanks for everyones help so far as I am very close to my goals but now I am stuck on something else.

I have internet access but when I connect to my network via VPN I can not get to the internet (via http/ping etc) I get Address translation but no connection. I can connect to everything internally just fine.

I have tried with split tunneling or without, neither help. I have a line in my ACL permitting http and can HTTP into a machine on our internal network.

Any suggestions, anything more useful to post for assistance?

Thanks to all for your help.

Newbie Moe.

8 REPLIES
Green

Re: ASA 5510 VPN, no internet

Try...

same-security-traffic permit intra-interface

global (outside) 1 interface

nat (outside) 1

New Member

Re: ASA 5510 VPN, no internet

I love the quick responses around here.. I didn't have time to grab a coffee.

So for the

nat (outside) XXXXXXXX

Would it be my internal network subnet?

Green

Re: ASA 5510 VPN, no internet

No, it would be the vpn client subnet from your ip pool. For instance if client pool is 192.168.10.0/24...

nat (outside) 1 192.168.10.0 255.255.255.0

Green

Re: ASA 5510 VPN, no internet

Or you could use split tunneling...

access-list split_tunnel standard permit ip

group-policy attributes

split-tunnel-policy tunnel-specified

split-tunnel-network-list value split_tunnel

New Member

Re: ASA 5510 VPN, no internet

Tried split tunnel and got the same results.

New Member

Re: ASA 5510 VPN, no internet

Our current IP pool is a portion of our internal network X.X.32.100 x.x.32.127 (fully routable not 192, 172, 10.10 address. ) does that matter?

Green

Re: ASA 5510 VPN, no internet

Your vpn pool should never be part of your internal subnet.

New Member

Re: ASA 5510 VPN, no internet

Actually my DHCP range was on its on subnet.

I have resolved this issue and thanks for your help.

I was creating the Split Tunneling and creating the ACL/ACE for it but was not actually enabling it on any VPN group.

326
Views
5
Helpful
8
Replies
CreatePlease to create content