Cannot Access Internal LAN through Remote Access VPN: Cisco ASA 5515-X
I have been struggling with this for the last 10 days and don't have any clue where it is going wrong. Hoping someone can help me configure it.
We have a Cisco ASA 5515-X running, and I recently enabled the Remote Access VPN with the configuration below.
I am able to connect successfully and am also able to ping the vpn (which is inside) interface, but I cannot ping or reach the rest of the network/hosts in the LAN. I have also tried different VPN client pools (e.g. 192.168.x.x) but ended up with the same result.
The local hosts I am trying to ping from the VPN client are reachable from the ASA, so I am not sure if it is a routing issue.
 no security-level
 no ip address
!
interface GigabitEthernet0/1
 channel-group 1 mode active
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/5
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 management-only
 nameif management
 security-level 100
 ip address 10.16.0.23 255.255.255.0
!
interface Port-channel1
 lacp max-bundle 8
 no nameif
 no security-level
 no ip address
!
interface Port-channel1.2001
 vlan 2001
 nameif out
access-list vpn_access_in extended permit ip any4 any4
access-list vpn_access_in extended permit ip any any
access-list out_access_in extended deny udp any any eq ntp
access-list out_access_in extended permit ip any4 any4
access-list out_access_in extended permit ip any any log
access-list out_access_in extended permit icmp any4 any object-group DM_INLINE_ICMP_1
access-list DefaultRAGroup_splitTunnelAcl standard permit 10.0.0.0 255.0.0.0
access-list vpn_traffic standard permit 10.16.254.0 255.255.255.0
access-list dmz_access_in extended permit ip any any
access-list crypto_map_acl extended permit ip any object inside_nw
mtu management 1500
mtu out 1500
mtu vpn 1500
mtu dmz 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-731-101.bin
arp timeout 14400
no arp permit-nonconnected
nat (vpn,out) source static inside_nw inside_nw destination static inside_nw inside_nw route-lookup
access-group out_access_in in interface out
access-group vpn_access_in in interface vpn
access-group dmz_access_in in interface dmz
router ospf 1
 router-id 0.0.1.3
 network 10.16.254.64 255.255.255.192 area 0
 network xx.xx.xx.200 255.255.255.252 area 0
 network xx.xx.xx.204 255.255.255.252 area 0
 area 0
route vpn 10.0.0.0 255.0.0.0 10.16.254.65 1
sysopt connection tcpmss 1300
sysopt noproxyarp out
sysopt noproxyarp vpn