Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Any connect VPN issue - ASA5510

Hi all,

I am simulating Anyconnect VPN connection in the lab.I have an issue while configuring Anyconnect VPN on ASA5510.

I can have a successfull anyconnect connection but i can't ping my firewall Interface IPs while i am in the connection.

ASA 5510

Outside IP: 192.168.1.1/24

PC connected to Outside Interface: 192.168.1.10/24

Inside IP:10.10.10.1/24

PC connected to Inside Interface: 10.10.10.100/24

Pool : 10.20.20.11 - 10.20.20.50 /24

I have a successful VPN connection & the PC connected to the outside Interface gets an IP address  from the assigned pool (10.20.20.11 with default gateway of 10.20.20.1).But i can't reach (ping/telent) to the ASA while I am on the anyconnect VPN connection.

I beleive it is mostly due to NAT/Routing issue..

Please find the attached file (with show run & show version output).

Thanks in advance.

Everyone's tags (2)
2 ACCEPTED SOLUTIONS

Accepted Solutions

Re: Any connect VPN issue - ASA5510

Configure "management-access inside"

Sent from Cisco Technical Support iPad App

Any connect VPN issue - ASA5510

You need to add a NAT Exemption for the inside IP subnet to the VPN IP Pool Subnet.

10 REPLIES

Re: Any connect VPN issue - ASA5510

Configure "management-access inside"

Sent from Cisco Technical Support iPad App

New Member

Any connect VPN issue - ASA5510

Hi Andrew,

Thanks for the response..

I have entered this command..with this command i can just ping the inside interface IP..but not any other resources (like the PC connected to the inside interface,telnet etc.,.)

Re: Any connect VPN issue - ASA5510

so the issue to ping the asa inside interface is fixed?

Sent from Cisco Technical Support iPad App

New Member

Any connect VPN issue - ASA5510

yes Andrew, now i can ping the inside interface.Thanks..

But as mentioned earlier, i can't access any other resources (like the PC connected to the inside interface,telnet etc.,.)

Any connect VPN issue - ASA5510

You need to add a NAT Exemption for the inside IP subnet to the VPN IP Pool Subnet.

New Member

Any connect VPN issue - ASA5510

Hi Andrew,

I am not sure if i have done that correctly in my config..can you  please check on that:

access-list no_NAT extended permit ip host 10.10.10.5 10.20.20.0 255.255.255.0

object network nonat

subnet 10.20.20.0 255.255.255.0

object network DNS

host 10.10.10.5

nat (inside,inside) source static nonat nonat destination static DNS DNS

Thanks in advance.

Any connect VPN issue - ASA5510

object network nonat

subnet 10.20.20.0 255.255.255.0

object network DNS

host 10.10.10.5

nat (inside,outside) source static nonat nonat destination static DNS DNS

Thanks

Ajay

New Member

Any connect VPN issue - ASA5510

Hi all,

I have the Anyconnect VPN connection UP..but could do nothing once the connection established..Can't telnet/ping PC connected to PC connected to the inside interface...

Please can someone go through the attached config file & give me your valuable suusgestions..Not sure which part i am missing...

Thanks in advance.

Abdul Rahman

New Member

Re: Any connect VPN issue - ASA5510

Hi all,

I have the Anyconnect VPN connection UP..but could do nothing once the connection established..Can't telnet/ping PC connected to PC connected to the inside interface...

Please can someone go through the attached config file & give me your valuable suusgestions..Not sure which part i am missing...

Thanks in advance.

Posting my Question once again:

ASA 5510

Outside IP: 192.168.1.1/24

PC connected to Outside Interface: 192.168.1.10/24

Inside IP:10.10.10.1/24

PC connected to Inside Interface: 10.10.10.100/24

Pool : 10.20.20.11 - 10.20.20.50 /24

I have a successful VPN connection & the PC connected to the outside Interface gets an IP address  from the assigned pool (10.20.20.11 with default gateway of 10.20.20.1).But i can't reach (ping/telent) to the ASA while I am on the anyconnect VPN connection & i could do nothing with the Anyconnect VPN connection.

Please find the attached file (with show run & show version output).

Abdul Rahman

New Member

Re: Any connect VPN issue - ASA5510

Hi all,

The issue is fixed...

The problem was due to NAT misconfig.

Anyways, Thanks for all your suggestions.

Abdul Rahman

1670
Views
0
Helpful
10
Replies
CreatePlease login to create content