AnyConnect 3.0 with ASA5510 no Internal Access

nshoe18 · ‎05-09-2012

We have gotten our anyconnect clients to connect to the VPN with no issues and verifying credentials with RADIUS. Remote users however cannot access internal resources through the VPN. I know I need to setup an NAT Exempt statement for my VPN Pool to the Internal Network, but I am having problems figuring that out and looking for a little guidance.

Thank you in advance.

-Nick

rizwanr74 · ‎05-09-2012

what version of your ASA that you are running?

nshoe18 · ‎05-09-2012

Cisco Adaptive Security Appliance Software Version 8.2(5)

Device Manager Version 6.4(5)

jose.vieira525 · ‎05-09-2012

Have you tried to use packet tracer and see where the traffic is dropped?

Sent from Cisco Technical Support iPad App

nshoe18 · ‎05-09-2012

Do I have to setup a VPNACL first to allow the traffic to flow and then use that for the NAT Exemption?

jose.vieira525 · ‎05-09-2012

You have to create a access list.

e.g access-list NO-NAT extended permit object-group VPN-DHCP-POOL any ( feel free to restrict access here) log

Then create no NAT rule

e.g Nat (interface) 0 access-list NO-NAT

Sent from Cisco Technical Support iPad App