Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA and internet access (on a stick) conf example

Hi all

I have the same problem as many other, with internet access via a VPN client.

It's solved by folloving the "internet on a stick" conf examble.

BUT --- it gives a lot of errors in the log like :

305005: No translation group found for udp src outside:10.17.16.15/138 dst outside:10.17.16.255/138

10.17..x.x is the VPN client pool.

Why ?? Any solution ?

I have a 3750 stack on the inside, and have tryed to have a tunnel default gateway, pointing to these. The default gateway on the 3750's is pointing at the ASA inside interface. After my opinion this shuld give the clients internet access, but i dosent.

Any explanation on this ? solutions ?

Thanks

Per Buch

Xiting DK

4 REPLIES
Gold

Re: ASA and internet access (on a stick) conf example

the log suggested that a broadcast for netbios-dgm has been received by the asa. and by default, asa will drop any broadcast packet.

i guess it cannot be avoided, as this broadcast is generated by all windows-based host.

New Member

Re: ASA and internet access (on a stick) conf example

I know that the asa will drop broadcast traffik, but why does it in this case log it ?

With 500+ client its heavy logging !!

I would like to configure without "on a stick" and let all traffik go via a router on the inside interface. Any idea why this dosent seem to be possible ? Or any solutions ?

/Per Buch

Gold

Re: ASA and internet access (on a stick) conf example

you mentioned you prefer not to configure the vpn "on a stick", i guess you are referring to let the vpn client browse the internet directly without the asa redirecting.

if so, please have a look at this doc. in particular, pix 1 config with split tunneling:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008046f307.shtml#t1

i believe the log will go away once you configure the split tunneling.

New Member

Re: ASA and internet access (on a stick) conf example

Hi

I would prefer the VPN clients to get internet access via a router on the inside network.

I have a stack of 3750 switches as general "default router" in the internal network.

Split tunneling is not wanted.

/Per

367
Views
0
Helpful
4
Replies