Cisco Support Community

New Member

VPN Clients can't access internal LAN

Hello - I have seen a few other threads on this issue, but can't seem to fix mine. I have an ASA 5520. My VPN clients can connect, and they get a DHCP address from our internal server no problem. I can ping and connect to the VPN clients from our LAN, but the clients cannot ping me or anything else on the LAN. The clients are connecting ipsec-ra. I know I must be missing something simple here. Here is my config. Any help would be great.

2 REPLIES
Green

Re: VPN Clients can't access internal LAN

You are missing a NAT exemption ACL entry for your VPN client pool (192.168.200.0).

access-list nonat extended permit ip 192.168.0.0 255.255.0.0 192.168.200.0 255.255.255.0

access-list nonat extended permit ip 10.0.0.0 255.255.0.0 192.168.200.0 255.255.255.0

You do have this entry:

access-list NONAT extended permit ip any 192.168.200.0 255.255.255.0

but you cannot have 2 NAT exemption ACLs, so you can get rid of that one.

no access-list NONAT extended permit ip any 192.168.200.0 255.255.255.0
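
The check described in the reply above, as an added example that is not part of the original thread: a small Python audit that finds which ACL is bound to `nat (inside) 0` and reports whether it exempts traffic to the VPN pool, and which other ACLs mention the pool without being bound. It assumes pre-8.3 ASA syntax and treats `nonat` and `NONAT` as different ACLs, as the reply does; the sample config and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in pre-8.3 ASA syntax (not the poster's actual config).
SAMPLE_CONFIG = """\
access-list nonat extended permit ip 192.168.0.0 255.255.0.0 10.50.0.0 255.255.0.0
access-list NONAT extended permit ip any 192.168.200.0 255.255.255.0
nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0
"""

ACE_RE = re.compile(r"^access-list (\S+) extended permit ip (.+)$")
NAT0_RE = re.compile(r"^nat \((\S+)\) 0 access-list (\S+)$")

def _take_network(tokens):
    """Consume one address spec ('any', 'host A', or 'NET MASK') from tokens."""
    head = tokens.pop(0)
    if head == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{head}/{tokens.pop(0)}")

def parse(config):
    """Return ({acl_name: [(src, dst), ...]}, {interface: bound_acl_name})."""
    acls, bound = {}, {}
    for line in config.splitlines():
        line = line.strip()
        if m := ACE_RE.match(line):
            tokens = m.group(2).split()
            src = _take_network(tokens)
            dst = _take_network(tokens)
            acls.setdefault(m.group(1), []).append((src, dst))
        elif m := NAT0_RE.match(line):
            bound[m.group(1)] = m.group(2)
    return acls, bound

def audit(config, pool, interface="inside"):
    """Check that the ACL bound to 'nat (interface) 0' exempts traffic to pool."""
    pool = ipaddress.ip_network(pool)
    acls, bound = parse(config)
    name = bound.get(interface)  # ACL names compared case-sensitively
    covered = any(pool.subnet_of(dst) for _, dst in acls.get(name, []))
    # ACLs that mention the pool but are not bound to nat 0 have no effect on NAT.
    stray = sorted(n for n, aces in acls.items() if n != name
                   and any(pool.subnet_of(dst) for _, dst in aces))
    return {"bound_acl": name, "pool_exempt": covered, "stray_acls": stray}
```

Only the destination side of each entry is compared against the pool, so a result of `pool_exempt: True` still needs the source networks checked by eye.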

New Member

Re: VPN Clients can't access internal LAN

That was it. Thanks!

acomiskey - dude - for as many times as you have helped me out, if you are ever in Massachusetts, let me know. I owe you!
