05-30-2008 06:47 AM - edited 02-21-2020 03:45 PM
Hello - I have seen a few other threads on this issue, but can't seem to fix mine. I have an ASA 5520. My VPN clients can connect, they get a DHCP address from our internal server no problem. I can ping and connect to the VPN clients from our LAN, but the clients cannot ping me or anything else on the LAN. The clients are connecting ipsec-ra. I know I must be missing something simple here. Here is my config. Any help would be great.
05-30-2008 07:01 AM
You are missing a NAT exemption ACL entry for your VPN client pool (192.168.200.0).
access-list nonat extended permit ip 192.168.0.0 255.255.0.0 192.168.200.0 255.255.255.0
access-list nonat extended permit ip 10.0.0.0 255.255.0.0 192.168.200.0 255.255.255.0
You do have this entry..
access-list NONAT extended permit ip any 192.168.200.0 255.255.255.0
but you cannot have 2 NAT exemption ACLs, so you can get rid of that one.
no access-list NONAT extended permit ip any 192.168.200.0 255.255.255.0
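A way to check a saved config for the problem described in the answer above, as an added example that is not part of the original post: it verifies that the ACL bound to `nat 0` has an entry toward the VPN pool and flags a look-alike ACL whose name differs only by case. The two sample configs are constructed (the poster's config is not shown on the page), and the `inside` interface name and the binding of `nat 0` to `nonat` are assumptions.

```python
import ipaddress
import re

# Constructed configs; the poster's real config is not shown on the page.
# Assumption: interface "inside", with nat 0 bound to the lower-case "nonat" ACL.
BEFORE = """\
access-list nonat extended permit ip 192.168.0.0 255.255.0.0 10.0.0.0 255.255.0.0
access-list NONAT extended permit ip any 192.168.200.0 255.255.255.0
nat (inside) 0 access-list nonat
"""
AFTER = """\
access-list nonat extended permit ip 192.168.0.0 255.255.0.0 192.168.200.0 255.255.255.0
access-list nonat extended permit ip 10.0.0.0 255.255.0.0 192.168.200.0 255.255.255.0
nat (inside) 0 access-list nonat
"""

ACE = re.compile(r"^access-list (\S+) extended permit ip (.+)$")
NAT0 = re.compile(r"^nat \((\S+)\) 0 access-list (\S+)$")

def _take(tokens):
    """Consume one address spec: 'any', 'host A', or 'A MASK'."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}"), tokens[2:]

def audit(config, pool):
    """Return findings about NAT exemption coverage for the VPN pool."""
    pool = ipaddress.ip_network(pool)
    acls, bound = {}, {}
    for line in config.splitlines():
        line = line.strip()
        if m := ACE.match(line):
            src, rest = _take(m.group(2).split())
            dst, _ = _take(rest)
            acls.setdefault(m.group(1), []).append((src, dst))
        elif m := NAT0.match(line):
            bound[m.group(1)] = m.group(2)
    findings = []
    for ifc, name in bound.items():
        if not any(pool.subnet_of(dst) for _, dst in acls.get(name, [])):
            findings.append(f"{ifc}: nat 0 ACL '{name}' has no entry toward {pool}")
    # ACL names are case-sensitive: an unbound look-alike ACL exempts nothing.
    used = {n.lower() for n in bound.values()}
    for name in acls:
        if name not in bound.values() and name.lower() in used:
            findings.append(f"ACL '{name}' differs only by case and is not bound to nat 0")
    return findings
```
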
06-01-2008 09:56 AM
That was it. Thanks!
acomiskey - dude - for as many times as you have helped me out, if you are ever in Massachusetts, let me know. I owe you!