Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Local Lan Access thru the ASA5510

I am at my wits end trying to figure this out. We are in the process of replacing our good ol' 3030 with an ASA 5510 for vpn purposes. I have setup the ASA as follows:

E0/0 is the public interface: xxx.xxx.199.10/24

E0/1 is the private interface: 172.20.72.0/24

The remote clients get a 10.12.27.xxx address from the ASA.

The client get the address fine, but can not access anything on the 172.20.72.xxx network. What piece am I missing? Some type of NAT?

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Local Lan Access thru the ASA5510

William, glad all has worked, don't forget to rate helpful posts.

Regards

7 REPLIES

Re: Local Lan Access thru the ASA5510

check your nonat acl to make sure you permit RA vpn pool network,

access-list nside_nat0_outbound extended permit ip 172.20.72.0 255.255.255.0 10.12.27.0

nat (inside) 0 access-list inside_nat0_outbound

if you already have a nonat acl peimiting the traffic then make sure you have NAT-T enabled globally in ASA :

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml#Solution1

Regards

Re: Local Lan Access thru the ASA5510

William, is your problem resolved with the suggestions I have provided, let us know otherwise to assist you fruther.

Regards

New Member

Re: Local Lan Access thru the ASA5510

I am in the same boat, but I am missing the big picture.

Here is my IP configs of my VPN connected client:

PPP adapter NationalAccess - BroadbandAccess:

Connection-specific DNS Suffix . :

IP Address. . . . . . . . . . . . : 70.211.67.89

Subnet Mask . . . . . . . . . . . : 255.255.255.255

Default Gateway . . . . . . . . . : 70.211.67.89

Ethernet adapter VPN#1:

Connection-specific DNS Suffix . :

IP Address. . . . . . . . . . . . : 172.16.100.1

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . :

I have attached the ipconfig and route print. The ASA address is: 163.105.74.249

I can ping the ASA and Yahoo, but no inside addresses (10.4.4.x)

Can you give me some ideas of what is wrong. I am using split tunneling.

New Member

Re: Local Lan Access thru the ASA5510

still stuck,

I will send my config file if that is okay.

New Member

Re: Local Lan Access thru the ASA5510

attached is the config file

New Member

Re: Local Lan Access thru the ASA5510

The vpn is now working. I added your suggestions. I also added a route I had oitted in the router for the 172.20.72.x network to send 10.12.27.x traffic to the asa5510 at 172.20.72.5. After that, pings and access worked. Thanks

Re: Local Lan Access thru the ASA5510

William, glad all has worked, don't forget to rate helpful posts.

Regards

401
Views
11
Helpful
7
Replies
CreatePlease to create content