01-05-2012 12:08 AM
Hi all,
I am simulating an Anyconnect VPN connection in the lab. I have an issue while configuring Anyconnect VPN on an ASA5510.
I can have a successful Anyconnect connection but I can't ping my firewall interface IPs while I am in the connection.
ASA 5510
Outside IP: 192.168.1.1/24
PC connected to Outside Interface: 192.168.1.10/24
Inside IP: 10.10.10.1/24
PC connected to Inside Interface: 10.10.10.100/24
Pool : 10.20.20.11 - 10.20.20.50 /24
I have a successful VPN connection & the PC connected to the outside interface gets an IP address from the assigned pool (10.20.20.11 with default gateway of 10.20.20.1). But I can't reach (ping/telnet) the ASA while I am on the Anyconnect VPN connection.
I believe it is mostly due to a NAT/routing issue.
Please find the attached file (with show run & show version output).
Thanks in advance.
01-05-2012 11:09 AM
Configure "management-access inside"
Sent from Cisco Technical Support iPad App
01-05-2012 07:00 PM
Hi Andrew,
Thanks for the response.
I have entered this command. With this command I can just ping the inside interface IP, but not any other resources (like the PC connected to the inside interface, telnet etc.).
01-06-2012 12:19 AM
So the issue with pinging the ASA inside interface is fixed?
Sent from Cisco Technical Support iPad App
01-06-2012 01:58 AM
Yes Andrew, now I can ping the inside interface. Thanks.
But as mentioned earlier, I can't access any other resources (like the PC connected to the inside interface, telnet etc.).
01-06-2012 02:08 AM
You need to add a NAT Exemption for the inside IP subnet to the VPN IP Pool Subnet.
01-10-2012 07:21 PM
Hi Andrew,
I am not sure if I have done that correctly in my config. Can you please check on that:
access-list no_NAT extended permit ip host 10.10.10.5 10.20.20.0 255.255.255.0
object network nonat
 subnet 10.20.20.0 255.255.255.0
object network DNS
 host 10.10.10.5
nat (inside,inside) source static nonat nonat destination static DNS DNS
Thanks in advance.
01-10-2012 09:36 PM
object network nonat
 subnet 10.20.20.0 255.255.255.0
object network DNS
 host 10.10.10.5
nat (inside,outside) source static nonat nonat destination static DNS DNS
Thanks
Ajay
01-11-2012 06:43 PM
Hi all,
I have the Anyconnect VPN connection up, but could do nothing once the connection is established. Can't telnet/ping the PC connected to the inside interface.
Please can someone go through the attached config file & give me your valuable suggestions. Not sure which part I am missing.
Thanks in advance.
Abdul Rahman
01-11-2012 07:04 PM
Hi all,
I have the Anyconnect VPN connection up, but could do nothing once the connection is established. Can't telnet/ping the PC connected to the inside interface.
Please can someone go through the attached config file & give me your valuable suggestions. Not sure which part I am missing.
Thanks in advance.
Posting my question once again:
ASA 5510
Outside IP: 192.168.1.1/24
PC connected to Outside Interface: 192.168.1.10/24
Inside IP: 10.10.10.1/24
PC connected to Inside Interface: 10.10.10.100/24
Pool : 10.20.20.11 - 10.20.20.50 /24
I have a successful VPN connection & the PC connected to the outside interface gets an IP address from the assigned pool (10.20.20.11 with default gateway of 10.20.20.1). But I can't reach (ping/telnet) the ASA while I am on the Anyconnect VPN connection & I could do nothing with the Anyconnect VPN connection.
Please find the attached file (with show run & show version output).
Abdul Rahman
01-18-2012 09:26 PM
Hi all,
The issue is fixed...
The problem was due to NAT misconfig.
Anyways, Thanks for all your suggestions.
Abdul Rahman
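The thread does not say what the final NAT correction was. As an added example (not taken from any poster's config), this is how the NAT exemption suggested above, from the inside subnet to the VPN pool subnet, is commonly written in ASA 8.3+ object syntax, together with a way to verify it. The object names INSIDE-NET and VPN-POOL are made up for illustration, and the `no-proxy-arp route-lookup` keywords assume ASA 8.4(2) or later.

```cisco
! --- Added example: object names are hypothetical, addresses are the lab's ---

! Real (untranslated) inside subnet behind the ASA
object network INSIDE-NET
 subnet 10.10.10.0 255.255.255.0

! Subnet the Anyconnect address pool (10.20.20.11 - 10.20.20.50) is drawn from
object network VPN-POOL
 subnet 10.20.20.0 255.255.255.0

! Identity (exemption) NAT, read left to right:
!   (inside,outside)   real interface is inside, mapped interface is outside
!   source static      inside hosts keep their own addresses ...
!   destination static ... whenever the peer is a VPN pool address
! The source objects describe what sits behind the FIRST interface in the
! pair, so the inside subnet goes in the source position and the pool in
! the destination position.
! route-lookup lets the ASA use its routing table for this traffic, which
! "management-access inside" depends on when identity NAT is in place.
nat (inside,outside) source static INSIDE-NET INSIDE-NET destination static VPN-POOL VPN-POOL no-proxy-arp route-lookup

! Allows VPN clients to ping/manage the inside interface address (10.10.10.1)
management-access inside

! --- Verification (exec mode, not configuration) ---

! Confirm the rule sits in the manual NAT section and watch its hit counters
show nat detail

! Simulate an echo-request from the inside PC to a pool address. The NAT
! phases should show the exemption rule matching with no address change.
packet-tracer input inside icmp 10.10.10.100 8 0 10.20.20.11 detailed
```

If `packet-tracer` shows a different NAT rule matching first, the exemption is ordered below a broader rule and needs to be placed above it.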