VPN Clients can't access internal LAN

adcorbett_2
Level 1

Hello - I have seen a few other threads on this issue, but can't seem to fix mine. I have an ASA 5520. My VPN clients can connect, and they get a DHCP address from our internal server no problem. I can ping and connect to the VPN clients from our LAN, but the clients cannot ping me or anything else on the LAN. The clients are connecting ipsec-ra. I know I must be missing something simple here. Here is my config. Any help would be great.

2 Replies

acomiskey
Level 10

You are missing a NAT exemption ACL entry for your VPN client pool (192.168.200.0).

access-list nonat extended permit ip 192.168.0.0 255.255.0.0 192.168.200.0 255.255.255.0

access-list nonat extended permit ip 10.0.0.0 255.255.0.0 192.168.200.0 255.255.255.0

You do have this entry..

access-list NONAT extended permit ip any 192.168.200.0 255.255.255.0

but you cannot have 2 NAT exemption ACLs, so you can get rid of that one.

no access-list NONAT extended permit ip any 192.168.200.0 255.255.255.0
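For readers landing on this thread later, here is the complete picture the reply above is describing, as an added example that is not part of the original post or the poster's config. It assumes pre-8.3 ASA syntax (where NAT exemption is a single ACL bound with `nat (inside) 0 access-list ...`), an inside interface named `inside`, and a LAN host 192.168.1.10 and a VPN client 192.168.200.5 chosen only for the packet-tracer check; the ACL name `nonat` is the one from the reply, the other names are placeholders.

```cisco
! Added example, not the poster's running config. Assumes pre-8.3 ASA syntax.
! One exemption ACL holds every LAN-to-VPN-pool pair. The reply above notes
! that you cannot bind two exemption ACLs, so the old NONAT list is removed
! and its purpose is folded into the entries below.
no access-list NONAT extended permit ip any 192.168.200.0 255.255.255.0

access-list nonat extended permit ip 192.168.0.0 255.255.0.0 192.168.200.0 255.255.255.0
access-list nonat extended permit ip 10.0.0.0 255.255.0.0 192.168.200.0 255.255.255.0

! Bind the single exemption ACL to the inside interface (nat id 0 = exempt).
! Assumption: the inside interface is named "inside".
nat (inside) 0 access-list nonat

! Check: trace a LAN host's reply toward a VPN client. With the exemption in
! place the NAT phase should show the nonat ACL matched and the packet allowed
! rather than translated. Addresses below are placeholders.
packet-tracer input inside icmp 192.168.1.10 8 0 192.168.200.5

! Confirm only one "nat (inside) 0 access-list" line exists.
show running-config nat
```

If `show running-config nat` still lists a `nat (inside) 0 access-list NONAT` line, the old binding is what is winning and must be replaced, since removing the ACL entries alone does not change which list the exemption points at.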

That was it. Thanks!

acomiskey - dude - for as many times as you have helped me out, if you are ever in Massachusetts, let me know. I owe you!