Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA SSL VPN Client

I have just installed an ASA 5520 and am trying to implement SSL VPN. I have configured the appliance according to Cisco's documentation. I am able to get the SSL SVC VPN connection to connect but once connected I am not able to connect to any devices on my local network. Any help would be appreciated. Thanks Gene

5 REPLIES
Cisco Employee

Re: ASA SSL VPN Client

Gene - Here are something you want to look into.

What is the IP pool you are assigning the SVC clients to?

What is the internal network you are trying to access to?

For Eg:

Lets say your internal network is 10.10.10.x/24

and the IP address pool you are assigning is 192.168.10.x/24 for the SVC clients,

you would need a NAT exemption ACL.

Do "sh run nat" on the ASA, see if there is any statement like

nat (inside) 0 access-list

If not, using my example, create an access-list like this...

access-list 100 per ip 10.10.10.0 255.255.255.0 192.168.10.0 255.255.255.0

nat (inside) 0 access-l 100

After that, use the SVC client and see if it works.

Rate this post, if it helps!!

Cheers

Gilbert

New Member

Re: ASA SSL VPN Client

I had already done this but it still doesn't work. Thanks for the info though.

Gold

Re: ASA SSL VPN Client

Gene,

Take a look here:

http://www.ciscotaccc.com/kaidara-advisor/security/showcase?case=K52957940

The above is a TAC case post, have used it and works well for me!

Hope it helps you too, please rate posts if it does!

Thanks

Jay

New Member

Re: ASA SSL VPN Client

I have done this as well. I am able to see the network with just using webvpn but when I use the SSL client I cannot access the internal network. I need to be able access some servers using RDP.

Cisco Employee

Re: ASA SSL VPN Client

Gene,

Can you please provide the group-policy the SSL clients are using...

sh run all group-policy

Thanks

Gilbert

129
Views
0
Helpful
5
Replies