New Member

Cannot Access Local Resources Remote Access VPN on ASA

Hello - I have set up a Remote Access VPN on an ASA. The tunnel seems to come up OK but I cannot access any local resources. I have searched the forums and Google and for some reason cannot get it to work. Could someone have a look for me and point me in the right direction?

 

Thank-you

 

gm

4 REPLIES
New Member

Hi, 

Which IP are you trying to reach? Are you able to ping from the ASA to that internal IP?

As I can see, there is no route back to your internal network.

 

Thanks

VIP Green

Which local network are we talking about? The local network connected to the ASA or the local network that the RA users are connecting from?

There is no need for a route statement, the internal network is directly connected to the ASA.

Your config looks fine, though I have seen some issues with VPN when using the any keyword. Change the no NAT statement to be more specific since you are doing split tunneling anyway.

access-list NONAT extended permit ip 192.168.0.0 255.255.255.0 192.168.115.0 255.255.255.0

Change the statement and test. Let us know how it goes.

--

Please remember to select a correct answer and rate helpful posts

New Member

Thanks for the reply. I changed the NONAT statement as suggested above and it still isn't working. I did get it working by adding an ACL to the outside and inside interfaces permitting the specific VPN traffic. I was under the understanding that the sysopt connection permit-vpn command bypassed ACLs and I didn't need those statements, but it's working.

 

Thanks all for the replies

 

gm

 

VIP Green

The sysopt connection permit-vpn command bypasses the ACL on the outside interface...not the ACL on the inside interface.

Glad you got it working :)
