Cisco Support Community
New Member

No local lan access Ipsec VPN

Hi

This week I configured a remote access VPN to an ASA 5510.

See this topic: https://supportforums.cisco.com/message/3191344#3191344

Thanks to the support, I can connect now, but I still don't have any local LAN access when I connect with my VPN client.

My internal DHCP pool is 192.0.0.0 255.255.255.0

My DHCP pool is 192.0.1.0 255.255.255.0

I have attached my running config, and some screenshots from my VPN client when connected.

Any help would be appreciated

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: No local lan access Ipsec VPN

You've added an incorrect NAT exemption ACL. It should be:

access-list inside_nat0_outbound_1 extended permit ip any 192.0.1.0 255.255.255.0

and to test pinging the inside interface, pls add:

management-access inside

Hope that resolves the issue.

New Member

Re: No local lan access Ipsec VPN

Hi Jennifer

Thank you for the quick response, but I still don't have local LAN access.

When I'm connected, the default gateway that I get from the ASA is the same as the IP address I get from the ASA.

Connection-specific DNS Suffix  . : xxxxxxxxxxxxxxxxx
IP Address. . . . . . . . . . . . : 192.0.1.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.0.1.2

Is this correct? It seems odd, but I don't know much about VPNs, as you may already know.

Thanks for all the help

Cisco Employee

Re: No local lan access Ipsec VPN

Yes, that is OK. From the statistics page, your VPN client is sending the traffic towards the ASA, but no traffic is returning.

Can you share the output of:

show crypto ipsec sa

Can you ping the ASA inside interface from vpn client?

Cisco Employee

Re: No local lan access Ipsec VPN

Also, enable this command:

crypto isakmp nat-traversal

New Member

Re: No local lan access Ipsec VPN

Ok here is the output

Cisco Employee

Re: No local lan access Ipsec VPN

Is ping to 192.0.0.40 successful?

New Member

Re: No local lan access Ipsec VPN

Yes, now ping to 192.0.0.40 is successful.

Cisco Employee

Re: No local lan access Ipsec VPN

Perfect.

What other hosts are you trying to access internally? Ping as well? You might want to check whether a personal firewall is turned on on the inside host, as it normally blocks incoming/inbound traffic from other subnets.

New Member

Re: No local lan access Ipsec VPN

Hi

Now I can ping clients in the local network.

In my VPN client, it still says: Local access: Disabled.

But it works, I'm happy.

Thank you very much for your help and quick responses Jennifer.



Cisco Employee

Re: No local lan access Ipsec VPN

Great, thanks for the update. Please kindly mark the post as answered.
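
Added example (not part of the thread and not Cisco's code): a small Python check that a saved running-config contains the three settings suggested in the replies above, namely a NAT exemption entry whose destination covers the VPN pool, management-access inside, and crypto isakmp nat-traversal. The config text is constructed for the demo; the pool name, the "nat (inside) 0" binding (pre-8.3 ASA syntax) and the wrong ACL entry are assumptions, since the poster's attached config is not shown.

```python
import ipaddress
import re

# Constructed pre-8.3 ASA excerpt. The pool name, the "nat (inside) 0" binding
# and the wrong ACL entry (inside subnet instead of the pool) are assumptions.
BROKEN = """\
ip local pool vpnpool 192.0.1.1-192.0.1.254 mask 255.255.255.0
access-list inside_nat0_outbound_1 extended permit ip any 192.0.0.0 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound_1
"""
FIXED = BROKEN.replace("any 192.0.0.0", "any 192.0.1.0") + (
    "management-access inside\ncrypto isakmp nat-traversal\n")


def take_net(tok):
    """Consume one ASA address spec (any | host A | A MASK) from a token list."""
    first = tok.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tok.pop(0)}", strict=False)


def audit(config):
    """Return findings for the thread's three settings; [] means all present."""
    pool = re.search(r"^ip local pool \S+ (\S+)-(\S+)", config, re.M)
    bind = re.search(r"^nat \(inside\) 0 access-list (\S+)", config, re.M)
    if not pool or not bind:
        return ["no VPN pool or no NAT exemption binding found"]
    lo, hi = (ipaddress.ip_address(a) for a in pool.groups())
    covered = False
    for line in config.splitlines():
        tok = line.split()
        if tok[:5] != ["access-list", bind.group(1), "extended", "permit", "ip"]:
            continue
        rest = tok[5:]
        take_net(rest)        # source spec, not evaluated in this sketch
        dst = take_net(rest)  # destination must contain the whole VPN pool
        covered |= lo in dst and hi in dst
    findings = []
    if not covered:
        findings.append(f"{bind.group(1)}: no entry exempts traffic to {lo}-{hi}")
    for cmd in ("management-access inside", "crypto isakmp nat-traversal"):
        if not re.search(rf"^{re.escape(cmd)}\s*$", config, re.M):
            findings.append(f"missing: {cmd}")
    return findings

print(audit(BROKEN), audit(FIXED))
```

The check only reads "permit ip" entries of the bound ACL and ignores the source side, so it confirms the pool is exempted but does not prove the exemption is as narrow as it could be.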
