VPN Access ok - No LAN access

c17charternet
Level 1

Hi - I have an ASA 5520 that I just put in. I have it set up for remote access VPN. My clients can connect to the VPN, get an address from the VPN pool, and authenticate against my AD server and get logged in, but then there seems to be no routing taking place. I can ping anything on the local LAN or get any type of DNS to work. I do have the "Allow Local LAN Access" checked in the client. Here is the ASA config, can someone tell me what is missing or wrong? Thank You

1 Reply

JORGE RODRIGUEZ
Level 10

You have

access-list nonat extended permit ip 192.168.100.0 255.255.255.0 10.0.0.0 255.255.0.0

access-list nonat extended permit ip 192.168.100.0 255.255.255.0 192.168.0.0 255.255.0.0

access-list nonat extended permit ip 192.168.200.0 255.255.255.0 10.0.0.0 255.255.0.0

access-list nonat extended permit ip any 192.168.200.0 255.255.255.0

I would be specific in your access list for allowing your VPN pool network to your inside subnet.

For example, your inside subnet is 192.168.100.0/24 and your VPN pool network is 192.168.200.0/24. You only need one ACL for the above networks, as:

access-list nonat extended permit ip 192.168.100.0 255.255.255.0 192.168.200.0 255.255.255.0

The same applies for any other subnet behind your ASA, or if you create another VPN pool network under a different tunnel group and IP scheme for that tunnel group.

i.e.

access-list nonat permit ip

Try these changes and let us know how it works out.

BTW, your post should have been entered under the Virtual Private Networks forum, but we'll try helping you here under this forum and get your problem resolved.

Rgds

-Jorge

Jorge Rodriguez
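The reply's point is that the NAT-exemption ACL should contain one specific entry per inside-subnet/VPN-pool pair rather than catch-all entries. The script below is an added example, not something from the thread or from Cisco: it parses ASA-style `access-list <name> extended permit ip <src> <mask> <dst> <mask>` lines, checks whether a given inside-to-pool flow is exempted, and flags entries that use `any`, which exempt far more traffic than the pool. It assumes the ACL is bound the usual pre-8.3 way (`nat (inside) 0 access-list nonat`), so the inside subnet is the ACL source and the VPN pool is the destination. The sample entries are constructed from the four lines quoted in the reply plus the specific line it recommends; the poster's full config is not on the page.

```python
import ipaddress

# Constructed sample: the nonat entries quoted in the reply, plus the
# specific inside -> VPN-pool entry the reply recommends adding.
SAMPLE_NONAT = [
    "access-list nonat extended permit ip 192.168.100.0 255.255.255.0 10.0.0.0 255.255.0.0",
    "access-list nonat extended permit ip 192.168.100.0 255.255.255.0 192.168.0.0 255.255.0.0",
    "access-list nonat extended permit ip 192.168.200.0 255.255.255.0 10.0.0.0 255.255.0.0",
    "access-list nonat extended permit ip any 192.168.200.0 255.255.255.0",
    "access-list nonat extended permit ip 192.168.100.0 255.255.255.0 192.168.200.0 255.255.255.0",
]


def _parse_endpoint(tokens, i):
    """Parse one ACE endpoint at tokens[i]: 'any', 'host A.B.C.D', or 'addr mask'."""
    tok = tokens[i]
    if tok == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tok == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2
    # ASA extended ACLs write a dotted netmask, which ipaddress accepts after '/'
    return ipaddress.ip_network(f"{tok}/{tokens[i + 1]}", strict=False), i + 2


def parse_nonat_line(line):
    """Return (acl_name, action, src_net, dst_net) for an 'ip' ACE, else None."""
    tokens = line.split()
    if len(tokens) < 6 or tokens[0] != "access-list":
        return None
    name = tokens[1]
    i = 2
    if tokens[i] == "extended":
        i += 1
    action = tokens[i]
    i += 1
    if tokens[i] != "ip":
        return None  # only protocol 'ip' entries matter for NAT exemption here
    i += 1
    src, i = _parse_endpoint(tokens, i)
    dst, i = _parse_endpoint(tokens, i)
    return name, action, src, dst


def is_overly_broad(line):
    """True when either endpoint is 'any': such an entry exempts far more than one pool."""
    parsed = parse_nonat_line(line)
    if parsed is None:
        return False
    _, _, src, dst = parsed
    return src.prefixlen == 0 or dst.prefixlen == 0


def matching_entries(acl_lines, src_host, dst_host):
    """Return the permit ACEs whose source and destination both cover the flow."""
    s = ipaddress.ip_address(src_host)
    d = ipaddress.ip_address(dst_host)
    hits = []
    for line in acl_lines:
        parsed = parse_nonat_line(line)
        if parsed is None:
            continue
        _, action, src, dst = parsed
        if action == "permit" and s in src and d in dst:
            hits.append(line)
    return hits


def audit_pool_exemption(acl_lines, inside_subnet, vpn_pool):
    """Check that inside -> pool traffic is NAT-exempt and report which ACEs do it.

    Uses the first usable host of each subnet as a representative flow.
    'specific' lists entries without 'any'; 'broad' lists catch-all entries.
    """
    inside = ipaddress.ip_network(inside_subnet)
    pool = ipaddress.ip_network(vpn_pool)
    hits = matching_entries(acl_lines, str(inside[1]), str(pool[1]))
    return {
        "covered": bool(hits),
        "specific": [h for h in hits if not is_overly_broad(h)],
        "broad": [h for h in hits if is_overly_broad(h)],
    }


if __name__ == "__main__":
    report = audit_pool_exemption(SAMPLE_NONAT, "192.168.100.0/24", "192.168.200.0/24")
    print("inside -> pool exempted:", report["covered"])
    for entry in report["specific"]:
        print("  specific:", entry)
    for entry in report["broad"]:
        print("  overly broad (uses 'any'):", entry)
```

Run it once against the current ACL and once after pruning the `any` entry; the audit should still report `covered` via the specific 192.168.100.0/24 to 192.168.200.0/24 line, which is the least-privilege shape the reply asks for. The same function can be rerun for each additional tunnel group's pool.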