Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
479
Views
0
Helpful
1
Replies

AnyConnect VPN to multiple inside VLAN?

MARTIN DESAX
Level 1
Level 1

‎02-26-2014 04:11 AM - edited ‎02-21-2020 07:31 PM

Hello,

We have an ASA 5020 8.4 with:

outside IF: public IP

inside IF 1: Management LAN 172.16.0.0/24  (Sec Level 99)

inside IF 2: VLAN2 10.0.50.0/24   (Sec Level 50)

inside IF 3: VLAN3 10.0.90.0/24   (Sec Level 50)

etc.

My AnyConnect VPN Client configuration:

VPN Access IF: outside IF

Bypass IF ACL.

Traffic between IF with same security level enabled.

VPN IP pool 172.17.0.80...99/24 (used only for the VPN clients)

NAT rules: IF1, IF2, IF3 to outside IF (VPN IP pool) no nat.

My workstation can connect to the ASA with the Anyconnect Client and I can access hosts on the inside IF 1: Management LAN 172.16.0.0/24

BUT I can't access any of the other inside IF/VLAN.

What is wrong with my configuration?

1 person had this problem
Labels:
0 Helpful
1 Reply 1

MARTIN DESAX
Level 1
Level 1

‎02-26-2014 07:20 AM

I think I've found the problem.

I had made NAT Rules but they were in the wrong order! I had the NAT rule which is needed for the Internet access before the NAT rules for the internal VPN traffic.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents