04-24-2008 05:36 AM - edited 02-21-2020 03:41 PM
I have set up in a lab right now an ASA 5520 with a live internet connection. I have a 2611 hanging off the inside interface, and a 2950 switch into which I have an AD server plugged in. I have VPN set up for Cisco VPN client. I can connect up just fine, get an address from the address pool and connect all over the lab. I cannot, however, get to the internet. If I try to ping or browse, it resolves the name to an address, but times out trying to get there. I can get to the internet from the lab PCs no problem. It's probably something simple I am missing, any help would be great. I am attaching the ASA config. Thanks!
04-24-2008 05:47 AM
Since you have already defined nat for the vpn clients, I assume you don't want to split tunnel...
global (Internet) 1 72.X.X.X netmask 255.255.255.255
nat (Internet) 1 0.0.0.0 0.0.0.0
To complete the hairpin, you are missing...
same-security-traffic permit intra-interface
04-24-2008 06:02 AM
Yeah, we are trying to avoid split-tunneling. Thanks, I added that but it's still not working.
04-24-2008 06:12 AM
Here's the Cisco doc...
You should be ok. Check the client, status -> statistics -> route details. Make sure you have 0 0 under secured routes.
04-24-2008 06:56 AM
04-24-2008 07:41 AM
Ok, I went through that document and still nothing, also I checked the client stats and do have 0 0 under secured routes.
04-24-2008 11:31 AM
04-24-2008 11:56 AM
A few more things to try. Have you considered upgrading from 7.1.2?
Also, this route statement is not correct. Not that this will fix your internet problem however.
route Inside 192.168.0.0 255.255.0.0 192.168.210.1 1
Your VPN pool is part of 192.168.0.0/16 and is not reachable via 192.168.210.1.
This also shouldn't matter but try...
nat (Internet) 1 192.168.200.0 255.255.255.0
04-25-2008 04:51 AM
All set... after adding
no nat (Internet) 1 0.0.0.0 0.0.0.0
nat (Internet) 1 192.168.200.0 255.255.255.0
clear xlate
clear local
everything is working now. Thanks for the input!
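The checks discussed in this thread, collected into a small config linter. This is an added example, not code from any poster or from Cisco. It assumes the VPN pool is 192.168.200.0/24 (inferred from the nat statement above), uses a documentation placeholder for the masked 72.X.X.X global address, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in the 7.x syntax used in the thread. 203.0.113.10 is a
# documentation placeholder for the masked global address, not a real value.
SAMPLE = """\
same-security-traffic permit intra-interface
global (Internet) 1 203.0.113.10 netmask 255.255.255.255
nat (Internet) 1 192.168.200.0 255.255.255.0
route Inside 192.168.0.0 255.255.0.0 192.168.210.1 1
"""

def net(addr, mask):
    """Build a network object from ASA-style 'address mask' fields."""
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def check_hairpin(config, outside, pool):
    """Return findings that affect VPN-client internet access via hairpin."""
    pool = ipaddress.ip_network(pool)
    ifc = re.escape(outside)
    findings = []
    # 1. Traffic must be allowed to enter and leave the same interface.
    lines = [line.strip() for line in config.splitlines()]
    if "same-security-traffic permit intra-interface" not in lines:
        findings.append("missing same-security-traffic permit intra-interface")
    # 2. A nat rule on the outside interface must cover the pool, and its
    #    NAT ID must match a global statement on that same interface.
    global_ids = set(re.findall(rf"^global \({ifc}\) (\d+) ", config, re.M))
    nat_ids = set()
    for nat_id, addr, mask in re.findall(
            rf"^nat \({ifc}\) (\d+) (\S+) (\S+)", config, re.M):
        if nat_id != "0" and pool.subnet_of(net(addr, mask)):
            nat_ids.add(nat_id)
    if not nat_ids:
        findings.append(f"no nat ({outside}) rule covers {pool}")
    elif not nat_ids & global_ids:
        findings.append(f"no global ({outside}) with a matching NAT ID")
    # 3. A static route on another interface that swallows the pool sends
    #    return traffic for the VPN clients the wrong way.
    for r_ifc, addr, mask in re.findall(r"^route (\S+) (\S+) (\S+) ", config, re.M):
        if r_ifc != outside and pool.subnet_of(net(addr, mask)):
            findings.append(f"route {r_ifc} {addr} {mask} covers VPN pool {pool}")
    return findings

if __name__ == "__main__":
    for finding in check_hairpin(SAMPLE, "Internet", "192.168.200.0/24"):
        print("FINDING:", finding)
```

On the sample it reports only the overlapping Inside route, which matches the remark in the thread that the route is wrong but is not what blocks internet access.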