Cisco Support Community
Community Member

Remote Access VPN dead end

Hi all. I have a 5510 that I'm using for both a l2l ipsec tunnel as well as remote access. I've been staring at this thing so long I'm loopy.

My l2l tunnel is up and happy. The hosts can talk to each other.

My RA is happy as far as I can log in with a vpn client. Unfortunately, I am unable to access anything besides the ASA itself when I'm connected. I can't ping the host on the inside.

I need to be able to access the host 10.0.5.10/26 on the inside interface which is 10.0.5.1/26. I've attached the config.

Can anyone see any glaring problems? I think it's likely an ACL problem, I'm a little new at this stuff though and I'm not sure if I'm doing it right.

One thing I noticed is that when I check my ipconfig after connecting to the vpn, I get this...

IP Address: 10.0.5.20

Subnet Mask: 255.255.255.192

Default Gateway: 10.0.5.20

That seems like an odd gateway...

Thank You!

1 ACCEPTED SOLUTION

Accepted Solutions
Green

Re: Remote Access VPN dead end

Add..

isakmp nat-traversal

Also, change your vpn client pool to another subnet. It should not be on the same subnet as your inside.

ip local pool gsa 10.0.6.0-10.0.6.254 mask 255.255.255.0

access-list inside_nat0_outbound extended permit ip 10.0.5.0 255.255.255.192 10.0.6.0 255.255.255.0

Please rate helpful posts.
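
The two changes in the accepted answer (a client pool outside the inside subnet, plus a matching NAT-exemption entry) can be checked mechanically against a saved config. The script below is an added example, not part of the original thread or any Cisco tooling; the interface name and the "before" pool range are constructed assumptions, since the poster's attached config is not shown on the page.

```python
import ipaddress
import re

ADDR = r"(\d+\.\d+\.\d+\.\d+)"

# Constructed sample configs. The interface name and the "before" pool range are
# assumptions; only the inside address and the "after" lines come from the thread.
BEFORE = """\
interface Ethernet0/1
 nameif inside
 ip address 10.0.5.1 255.255.255.192
ip local pool gsa 10.0.5.20-10.0.5.30 mask 255.255.255.192
"""
AFTER = """\
interface Ethernet0/1
 nameif inside
 ip address 10.0.5.1 255.255.255.192
ip local pool gsa 10.0.6.0-10.0.6.254 mask 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.0.5.0 255.255.255.192 10.0.6.0 255.255.255.0
"""

def _net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def audit(config, acl="inside_nat0_outbound"):
    """Return findings about VPN pools that collide with interface subnets
    or that lack a NAT-exemption entry (network/mask ACL form only)."""
    ifaces = [_net(a, m) for a, m in
              re.findall(rf"^ ip address {ADDR} {ADDR}", config, re.M)]
    exempt = [(_net(s, sm), _net(d, dm)) for s, sm, d, dm in re.findall(
        rf"^access-list {re.escape(acl)} extended permit ip {ADDR} {ADDR} {ADDR} {ADDR}",
        config, re.M)]
    findings = []
    for name, lo, hi in re.findall(rf"^ip local pool (\S+) {ADDR}-{ADDR}", config, re.M):
        # Express the pool range as CIDR blocks so it can be compared to subnets.
        blocks = list(ipaddress.summarize_address_range(
            ipaddress.ip_address(lo), ipaddress.ip_address(hi)))
        for iface in ifaces:
            if any(b.overlaps(iface) for b in blocks):
                findings.append(f"pool {name} overlaps interface subnet {iface}")
            elif not any(iface.subnet_of(src) and all(b.subnet_of(dst) for b in blocks)
                         for src, dst in exempt):
                findings.append(f"no {acl} entry from {iface} to pool {name}")
    return findings

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(cfg) or "ok")
```

The check assumes the named ACL is the one bound to the inside interface's NAT exemption; it does not verify that binding.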

4 REPLIES
Community Member

Re: Remote Access VPN dead end

Thanks for the reply. I added that command but it doesn't appear to have made a difference.

Green

Re: Remote Access VPN dead end

I edited my post above.

Community Member

Re: Remote Access VPN dead end

Good deal, thanks for the help! I've been burned by the subnet rule before. I should've known.
