Cisco Support Community

[Asa 5510] Vpn configuration problems: Lan resources access + server publishing

Hello Everybody!

One of my customers bought an ASA 5510 and now I'm facing some troubles in setting up the scenario he requires.

The scenario is the following:

1 Outside network leading to Internet

1 Outside network leading to the parent company

1 Outside network wireless.

1 Inside network

They're asking the following:

1) Connect via VPN from all the three Outside networks

2) Publish an http server

Normally that wouldn't sound difficult at all, but I'm totally new with ASA and I'm facing the following problems:

1) Accessing the inside resources while connected in VPN

2) Publishing the http server

Here is the configuration I made up so far; any solving insight would be highly appreciated!

2 REPLIES
Cisco Employee

Re: [Asa 5510] Vpn configuration problems: Lan resources access

Hi,

The config you have attached does not seem to be complete. But if you are connecting to VPN and then unable to access anything on the "inside" network, you must be missing a NAT exemption. Please add the following configuration:


access-list nonat permit ip 192.168.10.0 255.255.255.0 192.168.10.0 255.255.255.0

nat (Inside) 0 access-list nonat

Basically, we do not want any NAT for traffic from VPN users to the LAN. Let me know if this helps!!

Thanks and Regards,

Prapanch
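
The NAT exemption suggested in the reply above can be checked offline against a saved configuration. This Python script is an added example, not part of the original thread or any Cisco tooling; it parses only the pre-8.3 `access-list <name> permit ip <net> <mask> <net> <mask>` and `nat (<if>) 0 access-list <name>` forms shown above, and the host addresses used to query it (including a VPN client at 192.168.50.10) are constructed assumptions, because the thread does not show the VPN address pool.

```python
import ipaddress
import re

# Constructed sample: the two lines from the reply above (pre-8.3 ASA syntax).
SAMPLE_CONFIG = """\
access-list nonat permit ip 192.168.10.0 255.255.255.0 192.168.10.0 255.255.255.0
nat (Inside) 0 access-list nonat
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
# Only the "permit ip <net> <mask> <net> <mask>" form is handled;
# "any", "host" and object-group entries are ignored by this example.
ACL_RE = re.compile(
    rf"^access-list\s+(\S+)\s+(?:extended\s+)?permit\s+ip\s+{IP}\s+{IP}\s+{IP}\s+{IP}\s*$")
NAT0_RE = re.compile(r"^nat\s+\((\S+)\)\s+0\s+access-list\s+(\S+)\s*$")


def parse_nat_exemptions(config):
    """Return {interface: [(src_net, dst_net), ...]} for each NAT 0 ACL binding."""
    acls, bound = {}, {}
    for raw in config.splitlines():
        line = raw.strip()
        m = ACL_RE.match(line)
        if m:
            name, src, smask, dst, dmask = m.groups()
            acls.setdefault(name, []).append(
                (ipaddress.ip_network(f"{src}/{smask}"),
                 ipaddress.ip_network(f"{dst}/{dmask}")))
            continue
        m = NAT0_RE.match(line)
        if m:
            bound.setdefault(m.group(1), []).append(m.group(2))
    # Resolve each bound ACL name to its entries; unknown names yield nothing.
    return {ifc: [entry for name in names for entry in acls.get(name, [])]
            for ifc, names in bound.items()}


def is_exempt(exemptions, interface, src_ip, dst_ip):
    """True if src_ip -> dst_ip matches a NAT exemption entry on the interface."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    return any(src in s and dst in d for s, d in exemptions.get(interface, []))


if __name__ == "__main__":
    rules = parse_nat_exemptions(SAMPLE_CONFIG)
    for client in ("192.168.10.200", "192.168.50.10"):  # constructed VPN client IPs
        print(client, is_exempt(rules, "Inside", "192.168.10.20", client))
```

The second query returns False: an exemption only applies when the VPN client's assigned address falls inside the ACL's destination network, so the ACL has to be compared against the pool actually configured on the device.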

Re: [Asa 5510] Vpn configuration problems: Lan resources access

Hello Mr Ramamoorthy!

First of all thanks for your help!

I've been devoting all my day on this issue and as soon as I got your message I tried your suggestion immediately.

Unfortunately it didn't work out; for letting a client already on the inside LAN ping the newly joined machine from the VPN, I had to enable split tunneling, stating to tunnel the whole inside LAN.

Since I've been working on this issue for all the day I feel something I've written may have had an impact on the statement you suggested.

Below I'll report the updated and actual configuration; every suggestion will be appreciated!

Thanks again!

Alessio
