Cisco Support Community

New Member

ASA VPN Tunnel with NAT - Works but ASA inside interface has no communication

I followed this document to set up a VPN tunnel with NAT


It works for hosts behind each firewall but I cannot communicate with the remote ASA inside interface (tested with ping and telnet).


What do I need to make the ASA inside interface accessible from the remote VPN LAN?

New Member

Hi,



Try adding "management-access inside" on the ASA to access inside.



New Member

Already had that in my config.

Also have "inspect icmp" in my global_policy class inspection_default section.

New Member

Hi,

In the NAT-Exempt in nat, can you try adding the route-lookup keyword and check?



New Member

I don't have NAT exempt,


no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1
static (inside,outside)  access-list policy-nat
route outside 1
timeout xlate 3:00:00


Hi,

In this case, you will still need to add the NAT exempt, as follows:


access-list nonat permit ip <Inside_subnets> <remote_subnets>

nat (inside) 0 access-list nonat


Then also make sure that you have the SSH and telnet configuration allowing the access:


Just for a quick test:

- telnet inside
- ssh inside

- aaa authentication ssh console LOCAL


- aaa authentication telnet console LOCAL



If you don't have an RSA key:

- crypto key generate rsa modulus 2048



Then if that works, go ahead and add the pertinent subnets that should access SSH or Telnet.


Please don't forget to rate, and mark as correct the helpful Post!


David Castro,
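
An added example, not code from the thread or from Cisco: a Python check that reads a pre-8.3 style ASA configuration and reports which of the settings named in the replies above (management-access, NAT exemption, telnet/ssh permits and their AAA lines) are missing, and whether a management permit is still open to any source after the quick test. The sample configuration, its addresses and the function name `audit_mgmt_over_vpn` are constructed for illustration.

```python
import re

# Constructed sample config in the pre-8.3 syntax used in this thread;
# the addresses are documentation ranges, not values from the posts.
SAMPLE_CONFIG = """\
access-list nonat extended permit ip 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0
nat (inside) 0 access-list nonat
management-access inside
telnet 0.0.0.0 0.0.0.0 inside
ssh 198.51.100.0 255.255.255.0 inside
aaa authentication ssh console LOCAL
"""

def audit_mgmt_over_vpn(config, iface="inside"):
    """Hypothetical helper: list what is missing or too broad for managing
    the ASA's own `iface` address from the remote VPN LAN."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    findings = []
    if f"management-access {iface}" not in lines:
        findings.append(f"missing: management-access {iface}")
    # NAT exemption: nat (<iface>) 0 access-list <name>, with a populated ACL.
    nat0 = re.compile(rf"nat \({re.escape(iface)}\) 0 access-list (\S+)")
    exempt = [m.group(1) for l in lines if (m := nat0.fullmatch(l))]
    if not exempt:
        findings.append(f"missing: nat ({iface}) 0 access-list <name>")
    for acl in exempt:
        if not any(l.startswith(f"access-list {acl} ") for l in lines):
            findings.append(f"empty: access-list {acl} used by NAT exemption")
    for proto in ("telnet", "ssh"):
        # Matches '<proto> <address> <mask> <iface>', not '<proto> timeout N'.
        rule = re.compile(rf"{proto} (\S+) (\S+) {re.escape(iface)}")
        sources = [m.groups() for l in lines if (m := rule.fullmatch(l))]
        if not sources:
            continue
        if ("0.0.0.0", "0.0.0.0") in sources:
            findings.append(f"broad: {proto} allowed from any source on {iface}")
        if f"aaa authentication {proto} console LOCAL" not in lines:
            findings.append(f"missing: aaa authentication {proto} console LOCAL")
    return findings

if __name__ == "__main__":
    for finding in audit_mgmt_over_vpn(SAMPLE_CONFIG):
        print(finding)
```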