10-25-2010 12:16 AM
Hello Everybody!
One of my customers bought an ASA 5510 and now I'm facing some troubles in setting up the scenario he requires.
The scenario is the following:
1 Outside network leading to Internet
1 Outside network leading to the parent company
1 Outside network wireless.
1 Inside network
They're asking the following:
1) Connect via VPN from all the three Outside networks
2) Publish an http server
Normally that wouldn't sound difficult at all, but I'm totally new to ASA and I'm facing the following problems:
1) Accessing the inside resources while connected in VPN
2) Publishing the http server
Here is the configuration I made up so far; any solving insight would be highly appreciated!
10-25-2010 09:16 AM
Hi,
The config you have attached does not seem to be complete. But if you are connecting to VPN and then unable to access anything on the "inside" network, you must be missing a NAT exemption. Please add the following configuration:
access-list nonat permit ip 192.168.10.0 255.255.255.0 192.168.10.0 255.255.255.0
nat (Inside) 0 access-list nonat
Basically, we do not want any NAT for traffic from VPN users to the LAN. Let me know if this helps!!
Thanks and Regards,
Prapanch
10-25-2010 10:41 AM
Hello Mr Ramamoorthy!
First of all thanks for your help!
I've been devoting all my day to this issue and as soon as I got your message I tried your suggestion immediately.
Unfortunately it didn't work out; to let a client already on the inside LAN ping the newly joined machine from the VPN, I had to enable split tunneling, stating to tunnel the whole inside LAN.
Since I've been working on this issue for all the day I feel something I've written may have had an impact on the statement you suggested.
Below I'll report the updated and actual configuration; every suggestion will be appreciated!
Thanks again!
Alessio