Any connect VPN issue - ASA5510

thambiraja
Level 1

Hi all,

I am simulating an AnyConnect VPN connection in the lab. I have an issue while configuring AnyConnect VPN on the ASA5510.

I can have a successful AnyConnect connection, but I can't ping my firewall interface IPs while I am in the connection.

ASA 5510

Outside IP: 192.168.1.1/24

PC connected to Outside Interface: 192.168.1.10/24

Inside IP: 10.10.10.1/24

PC connected to Inside Interface: 10.10.10.100/24

Pool : 10.20.20.11 - 10.20.20.50 /24

I have a successful VPN connection and the PC connected to the outside interface gets an IP address from the assigned pool (10.20.20.11 with a default gateway of 10.20.20.1). But I can't reach (ping/telnet) the ASA while I am on the AnyConnect VPN connection.

I believe it is mostly due to a NAT/routing issue.

Please find the attached file (with show run & show version output).

Thanks in advance.

2 Accepted Solutions


andrew.prince
Level 10

Configure "management-access inside"


You need to add a NAT Exemption for the inside IP subnet to the VPN IP Pool Subnet.


10 Replies

andrew.prince
Level 10

Configure "management-access inside"


Hi Andrew,

Thanks for the response.

I have entered this command. With this command I can just ping the inside interface IP, but not any other resources (like the PC connected to the inside interface, telnet, etc.).

So the issue with pinging the ASA inside interface is fixed?


Yes Andrew, now I can ping the inside interface. Thanks.

But as mentioned earlier, I can't access any other resources (like the PC connected to the inside interface, telnet, etc.).

You need to add a NAT Exemption for the inside IP subnet to the VPN IP Pool Subnet.

Hi Andrew,

I am not sure if I have done that correctly in my config. Can you please check on that:

access-list no_NAT extended permit ip host 10.10.10.5 10.20.20.0 255.255.255.0
object network nonat
 subnet 10.20.20.0 255.255.255.0
object network DNS
 host 10.10.10.5
nat (inside,inside) source static nonat nonat destination static DNS DNS

Thanks in advance.

object network nonat
 subnet 10.20.20.0 255.255.255.0
object network DNS
 host 10.10.10.5
nat (inside,outside) source static nonat nonat destination static DNS DNS

Thanks

Ajay
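
An added example, not part of the thread: a Python check of whether an identity twice-NAT rule covers traffic between an inside host and an AnyConnect pool address, run over the two rules posted above and one constructed rule. `INSIDE_NET` and `VPN_POOL` are hypothetical object names, the inside subnet 10.10.10.0/24 is taken from the inside interface address in the question, and the parser assumes ASA 8.3+ twice-NAT semantics and handles only the `object network` and `nat ... source static ... destination static ...` forms shown in this thread.

```python
import ipaddress
import re

NAT_RE = re.compile(r"nat \((\w+),(\w+)\) source static (\S+) (\S+) "
                    r"destination static (\S+) (\S+)")

def parse_objects(config):
    """Map each 'object network NAME' to its subnet or host as an ip_network."""
    objects, name = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if line.startswith("object network "):
            name = line.split()[2]
        elif name and line.startswith("subnet "):
            _, addr, mask = line.split()
            objects[name] = ipaddress.ip_network(f"{addr}/{mask}")
        elif name and line.startswith("host "):
            objects[name] = ipaddress.ip_network(line.split()[1] + "/32")
    return objects

def exempts(config, inside_ip, vpn_ip, real_if="inside", mapped_if="outside"):
    """True if an identity twice-NAT rule covers inside_ip <-> vpn_ip."""
    objs = parse_objects(config)
    inside, vpn = ipaddress.ip_address(inside_ip), ipaddress.ip_address(vpn_ip)
    for r_if, m_if, s_real, s_map, d_map, d_real in NAT_RE.findall(config):
        src, dst = objs.get(s_real), objs.get(d_real)
        if s_real != s_map or d_map != d_real or src is None or dst is None:
            continue  # not identity NAT, or an undefined object
        # Source object = address on the first (real) interface of the rule.
        if (r_if, m_if) == (real_if, mapped_if) and inside in src and vpn in dst:
            return True
        # Static rules are bidirectional, so the mirrored form also matches.
        if (r_if, m_if) == (mapped_if, real_if) and vpn in src and inside in dst:
            return True
    return False

# Objects and rules as posted in the thread.
THREAD_OBJECTS = """object network nonat
 subnet 10.20.20.0 255.255.255.0
object network DNS
 host 10.10.10.5
"""
RULE = "nat ({}) source static nonat nonat destination static DNS DNS\n"
POSTED = {p: THREAD_OBJECTS + RULE.format(p) for p in ("inside,inside", "inside,outside")}
# Constructed rule; INSIDE_NET and VPN_POOL are hypothetical object names.
CONSTRUCTED = """object network INSIDE_NET
 subnet 10.10.10.0 255.255.255.0
object network VPN_POOL
 subnet 10.20.20.0 255.255.255.0
nat (inside,outside) source static INSIDE_NET INSIDE_NET destination static VPN_POOL VPN_POOL
"""
```

With these inputs, `exempts(POSTED[p], "10.10.10.5", "10.20.20.11")` is False for both posted rules, because the pool object sits in the source position of a rule whose first interface is inside, while `exempts(CONSTRUCTED, "10.10.10.100", "10.20.20.11")` is True.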

Hi all,

I have the AnyConnect VPN connection up, but could do nothing once the connection is established. I can't telnet/ping the PC connected to the inside interface.

Please can someone go through the attached config file and give me your valuable suggestions. Not sure which part I am missing.

Thanks in advance.

Abdul Rahman

Hi all,

I have the AnyConnect VPN connection up, but could do nothing once the connection is established. I can't telnet/ping the PC connected to the inside interface.

Please can someone go through the attached config file and give me your valuable suggestions. Not sure which part I am missing.

Thanks in advance.

Posting my question once again:

ASA 5510

Outside IP: 192.168.1.1/24

PC connected to Outside Interface: 192.168.1.10/24

Inside IP: 10.10.10.1/24

PC connected to Inside Interface: 10.10.10.100/24

Pool : 10.20.20.11 - 10.20.20.50 /24

I have a successful VPN connection and the PC connected to the outside interface gets an IP address from the assigned pool (10.20.20.11 with a default gateway of 10.20.20.1). But I can't reach (ping/telnet) the ASA while I am on the AnyConnect VPN connection, and I could do nothing with the AnyConnect VPN connection.

Please find the attached file (with show run & show version output).

Abdul Rahman

Hi all,

The issue is fixed.

The problem was due to NAT misconfig.

Anyways, thanks for all your suggestions.

Abdul Rahman