Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Cannot connect to Internal Network from SSL VPN

First time setting ASA 5512 and I did a lot research to fix my issue but no luck. I really appreciate if I can get some help.

After successfully connected to ASA via SSL VPN. I am only able to ping the outside interface (10.2.11.4).

Please check my config and let me know what is wrong .Thanks             

: Saved
:
ASA Version 9.1(2)
!
hostname asa-01
domain-name corporate.local
enable password t8tpEme73dn9e0.9 encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd t8tpEme73dn9e0.9 encrypted
names
ip local pool sslvpn-ip-pool 10.255.255.1-10.255.255.100 mask 255.255.255.0
!
interface GigabitEthernet0/0
nameif outside
security-level 50
ip address 10.2.11.4 255.255.255.0
!
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 10.2.255.18 255.255.255.248
!
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/4
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/5
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
management-only
nameif management
security-level 0
ip address 192.168.1.1 255.255.255.0
!
boot system disk0:/asa912-smp-k8.bin
ftp mode passive
clock timezone MST -7
clock summer-time MDT recurring
dns domain-lookup outside
dns domain-lookup inside
dns server-group DefaultDNS
name-server 10.2.9.23
name-server 10.2.1.1
name-server 10.2.9.24
domain-name corporate.local
object network Trusted
subnet 10.2.0.0 255.255.0.0
object network Outside
subnet 10.2.11.0 255.255.255.0
object network ss
subnet 10.2.11.0 255.255.255.0
object network VPNlocalIP
subnet 10.255.255.0 255.255.255.0
object network LAN
subnet 10.2.9.0 255.255.255.0
object network VPN-INSIDE
subnet 10.2.255.16 255.255.255.248
object-group service tcp4433 tcp
port-object eq 4433
access-list SPLIT-TUNNEL standard permit 10.2.255.16 255.255.255.248
access-list SPLIT-TUNNEL standard permit 10.2.11.0 255.255.255.0
access-list SPLIT-TUNNEL standard permit host 10.2.9.0
access-list global_access extended permit ip object VPNlocalIP object LAN
access-list global_access extended permit ip object LAN object VPNlocalIP
pager lines 24
logging enable
logging asdm informational
logging host inside 10.2.8.8
logging debug-trace
mtu outside 1500
mtu inside 1500
mtu management 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-713.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source static LAN LAN destination static VPNlocalIP VPNlocalIP
access-group global_access global
route outside 0.0.0.0 0.0.0.0 10.2.11.1 1
route inside 10.2.0.0 255.255.0.0 10.2.255.17 1
route inside 10.255.255.0 255.255.255.0 10.2.255.17 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server CA-Kerberos protocol kerberos
aaa-server CA-Kerberos (inside) host 10.2.9.24
kerberos-realm Corp.PRI
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable 4431
http 192.168.1.0 255.255.255.0 management
http 10.2.0.0 255.255.0.0 outside
http redirect inside 80
http redirect outside 80
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpoint _SmartCallHome_ServerCA
crl configure
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
subject-name CN=ciscoasa
keypair 4151
proxy-ldc-issuer
crl configure
crypto ca trustpoint ASDM_TrustPoint1
enrollment terminal
crl configure
crypto ca trustpoint ASDM_TrustPoint2
enrollment terminal
crl configure
crypto ca trustpoint ASDM_TrustPoint3
enrollment terminal
crl configure
crypto ca trustpoint ASDM_TrustPoint4
enrollment terminal
subject-name CN=vpn.corp.com
keypair ASA_PKC_One
crl configure
crypto ca trustpool policy

crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable outside client-services port 443
telnet timeout 15
ssh 10.2.0.0 255.255.0.0 inside
ssh timeout 15
ssh key-exchange group dh-group1-sha1
console timeout 0
management-access outside
dhcpd address 192.168.1.2-192.168.1.10 management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics host
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 10.2.9.23 source outside
ssl encryption aes128-sha1 3des-sha1
ssl trust-point ASDM_TrustPoint4 management
ssl trust-point ASDM_TrustPoint4 outside
ssl trust-point ASDM_TrustPoint4 inside
webvpn
enable outside
no anyconnect-essentials
anyconnect image disk0:/anyconnect-win-3.1.04063-k9.pkg 1
anyconnect enable
tunnel-group-list enable
smart-tunnel list TerminalServer Terminal mstsc.exe platform windows
group-policy DfltGrpPolicy attributes
dns-server value 10.2.9.23
vpn-tunnel-protocol ikev1 l2tp-ipsec
default-domain value corp.com
webvpn
  customization value DfltCustomization
group-policy CA-SSLVPN-TEST internal
group-policy CA-SSLVPN-TEST attributes
wins-server none
dns-server value 10.2.9.23
vpn-tunnel-protocol ssl-client
default-domain value corp.com
group-policy CA-CLIENTLESS-TEST internal
group-policy CA-CLIENTLESS-TEST attributes
vpn-tunnel-protocol ssl-clientless
webvpn
  url-list value Contractors-List
  smart-tunnel enable TerminalServer
username ssluser password nS2GfPhvrmh.I/qL encrypted
username ssluser attributes
vpn-group-policy CA-SSLVPN-TEST
vpn-tunnel-protocol ssl-client
group-lock value AnySSLVPN-TEST
service-type remote-access
username admin password f4JufzEgsqDt05cH encrypted privilege 15
username cluser password 3mAXWbcK2ZdaFXHb encrypted
username cluser attributes
vpn-group-policy CA-CLIENTLESS-TEST
vpn-tunnel-protocol ssl-clientless
group-lock value OLY-Clientless
service-type remote-access
tunnel-group DefaultRAGroup general-attributes
authentication-server-group CA-Kerberos LOCAL
tunnel-group DefaultRAGroup webvpn-attributes
customization CA-ClientLess-Portal
tunnel-group DefaultWEBVPNGroup general-attributes
address-pool sslvpn-ip-pool
authentication-server-group CA-Kerberos LOCAL
tunnel-group DefaultWEBVPNGroup webvpn-attributes
customization CA-ClientLess-Portal
tunnel-group AnySSLVPN-TEST type remote-access
tunnel-group AnySSLVPN-TEST general-attributes
address-pool sslvpn-ip-pool
authentication-server-group CA-Kerberos
default-group-policy CA-SSLVPN-TEST
tunnel-group AnySSLVPN-TEST webvpn-attributes
customization OLY-Portal
group-alias AnySSLVPN-TEST disable
group-alias AnySSLVPN-TEST-Alias disable
group-alias OLY-SSLVPN disable
group-alias SSLVPN enable
tunnel-group OLY-Clientless type remote-access
tunnel-group OLY-Clientless general-attributes
authentication-server-group CA-Kerberos
default-group-policy CA-CLIENTLESS-TEST
tunnel-group OLY-Clientless webvpn-attributes
customization CA-ClientLess-Portal
nbns-server 10.2.9.23 master timeout 2 retry 2
group-alias Clientless enable
group-alias cl disable

!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect ip-options
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny 
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip 
  inspect xdmcp
class class-default
  user-statistics accounting
!
service-policy global_policy global
prompt hostname context
call-home reporting anonymous
call-home
profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly 3
  subscribe-to-alert-group configuration periodic monthly 3
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:ceea6b06a18781a23e6b5dde6b591704
: end
asdm image disk0:/asdm-713.bin
no asdm history enable

1 ACCEPTED SOLUTION

Accepted Solutions
Super Bronze

Cannot connect to Internal Network from SSL VPN

Hi,

Glad to hear it works

Please do remember to mark a reply as the correct answer and/or rate helpfull answers

- Jouni

30 REPLIES
Super Bronze

Cannot connect to Internal Network from SSL VPN

Hi,

You seem to have routed the VPN Pool network towards your "inside" network for some reason.

route inside 10.255.255.0 255.255.255.0 10.2.255.17 1

I would imagine though that the ASA might installe a more specific route to the routing table for the IP the VPN Client gets when the VPN is active, but still I am not sure if the route makes sense.

What IP/network are you trying to reach on the LAN network?

- Jouni

New Member

Cannot connect to Internal Network from SSL VPN

I am trying to ping 10.2.9.23.

That route you mentioned I added thinking will help routing 10.2.9.0/24

New Member

Re: Cannot connect to Internal Network from SSL VPN

Using packet tracer I can see that the traffic is allowed from 10.255.255.2 to 10.2.9.23.

I think I misconfigured NAT exempt. I am desperate for help. Please.


Sent from Cisco Technical Support iPad App

Super Bronze

Re: Cannot connect to Internal Network from SSL VPN

Hi,

The route I mentioned will actually tell the ASA that the network 10.255.255.0/24 is found behind the "inside" interface and the next hop IP address is 10.2.255.17.

You already have a route that will tell the ASA that the IP address 10.2.9.23 (and its network) is found behind "inside" interface with this command

route inside 10.2.0.0 255.255.0.0 10.2.255.17 1

So I would suggest you remove the below route

no route inside 10.255.255.0 255.255.255.0 10.2.255.17 1

And see if that makes any difference.

- Jouni

New Member

Re: Cannot connect to Internal Network from SSL VPN

I just removed it but still no luck.

Sent from Cisco Technical Support iPad App

Re: Cannot connect to Internal Network from SSL VPN

Hello,

Try:

no route inside 10.255.255.0 255.255.255.0 10.2.255.17 1

no access-list SPLIT-TUNNEL standard permit host 10.2.9.0

access-list SPLIT-TUNNEL standard permit 10.2.9.0 255.255.255.0

fixup protocol icmp

Then let me know!

For more information about Core and Security Networking follow my website at http://laguiadelnetworking.

Any question contact me at jcarvaja@laguiadelnetworking.com

Cheers,

Julio Carvajal Segura

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
New Member

Re: Cannot connect to Internal Network from SSL VPN

Hi,

Still not working. I cannot even ping the asa outside interface from internal network but I can ping inside interface from internal network.

Looks like asa outside interface isn't doing routing when traffic comes from internal network.

Sent from Cisco Technical Support iPad App

Super Bronze

Re: Cannot connect to Internal Network from SSL VPN

Hi,

Seems to me that the Split Tunnel ACL is not being used so changes to it doesnt make difference at this point. To my understanding the VPN is using Full Tunnel at the moment?

If you want to configure it specifically then you should configure this under the Group Policy

split-tunnel-policy tunnelall

Do notice that not being able to ping the external interface IP address from internal network is expected. ASA wont allow you to PING a remote interface IP address. I mean "inside" users can ping "inside" and "outside" users can ping "outside" but "inside" users cant ping "outside" interface IP address. One exception to this rule is when traffic is coming for example from "outside" interface through VPN and "management-access inside" is configured.

I would suggest that next you provide screenshows of the following:

  • Routing/Route Details from the VPN Client while its active so we can see that they are correct
  • VPN counters so we can see that the client has actually tunneled some traffic while its active
  • Both of the avobe can be found on the VPN client software

For some reason you have a "management-access outside" configuration. This is typically used for "inside" interface which enables you to connect to this "inside" interface IP address for management purposes from VPN Client connection and also ping it which would be good in this situation when the VPN is not working and we want to test it.

So you might consider configuring

management-access inside

And then trying to ping the "inside" interface IP address while connected.

For that you would also need an additional NAT configuration

object network LAN-LINK

subnet 10.2.255.16 255.255.255.248

nat (inside,outside) source static LAN-LINK LAN-LINK destination static VPNlocalIP VPNlocalIP route-lookup

- Jouni

New Member

Re: Cannot connect to Internal Network from SSL VPN

Here are the screenshows. is that what your are looking for? I appreciate everyone for his help and time.

Super Bronze

Cannot connect to Internal Network from SSL VPN

Hi,

Since you have Full Tunnel VPN I guess we could use a wider NAT rule for all the traffic. A NAT configuration that contains all the network you have in one of the static routes.

object network LAN-NETWORKS

subnet 10.2.0.0 255.255.0.0

object network VPN-POOL

subnet 10.255.255.0 255.255.255.0

nat (inside,outside) 1 source static LAN-NETWORKS LAN-NETWORKS destination static VPN-POOL VPN-POOL route-lookup

After this try PING the following IP addresses

  • 10.2.255.18 - ASA "inside"
    • For this you would need to change the setting to "management-access inside"
  • 10.2.255.17 - ASA "inside" gateway

I would imagine that you should atleast be able to PING those IP addresses even if you werent able to ping actual LAN hosts.

I would also suggest allowing some management connection either with "ssh", "telnet" or "http" and try to connect to the "inside" interface IP address. If we can manage ICMP or form management connection through the VPN then we could narrow down the problem a bit.

If even this is not possible, I would start looking for the problems on the actual VPN Client hosts or possibly trying to enable the Split Tunnel setting for some local network to see if it changes anything. In your screenshots we can see that traffic is going to and coming from the VPN so it does seem that tunneling should be fine.

- Jouni

New Member

Re: Cannot connect to Internal Network from SSL VPN

After I made the changes, now I can ping 10.2.255.18 but cannot ping 10.2.225.17.

New Member

Re: Cannot connect to Internal Network from SSL VPN

I aslo enabled telnet to the inside but I couldnt connect to it.

Super Bronze

Cannot connect to Internal Network from SSL VPN

Hi,

Did you try SSH or ASDM connection to the "inside" IP address?

What is the router behind the ASA "inside" interface?

Does it have the default route correctly set to point to the ASA "inside" interface IP address?

- Jouni

New Member

Re: Cannot connect to Internal Network from SSL VPN

Yes I tried SSH with no success.

I am cheking right now if i have to right default gateway

Does it have the default route correctly set to point to the ASA "inside" interface IP address?

Super Bronze

Cannot connect to Internal Network from SSL VPN

Hi,

If that is your complete topology then I presume that the Switch on the LAN is a L3 capable switch. Otherwise it doesnt really do any routing. It would then only have a default-gateway set for remote management and traffic originated from the switch itself.

- Jouni

New Member

Re: Cannot connect to Internal Network from SSL VPN

I am not sure if I understand your reply. but i can tell you that the ASA outside network (10.2.11.0) is connected to the router dmz zone and the ASA Inside network is connected to the router to another Vlan zone called VPN-Int. the IP of the router facing internet is 204.12.153.225.

New Member

Re: Cannot connect to Internal Network from SSL VPN

I just pinged www.google.ca and my internal dns server with success. so routing is working ok I guess. right?

Super Bronze

Re: Cannot connect to Internal Network from SSL VPN

Hi,

What I meant was that you have in the picture a switch directly connected to the ASA "inside" interface. This would suggest that there was no router behind the ASA "inside" interface unless its a Layer 3 switch (Switch with routing capabilities)

If I understood you correctly, you also said that the ASA "inside" is actually connected to the same router that the "outside" interface of the ASA is connected to BUT its connected on another zone/vlan?

If we take for example the host/server 10.2.9.23, what is this host/server route out the LAN network to the Internet? Does it go through straight through the Juniper OR does it go through the ASA?

I am starting to think that your problem might be that the Juniper is acting as the Internet gateway for all your LAN networks and the VPN user traffic coming through the ASA is reaching the LAN hosts but from them routed directly out the Juniper instead of routed back to the ASA.

Have you made absolutely sure that the whatever router is behind the ASA has a route for the VPN Pool network towards the ASA "inside" interface or that the LAN network is using the ASA "inside" as the default gateway?

- Jouni

New Member

Re: Cannot connect to Internal Network from SSL VPN

If I understood you correctly, you also said that the ASA "inside" is actually connected to the same router that the "outside" interface of the ASA is connected to BUT its connected on another zone/vlan?

Yes , you are correct.

If we take for example the host/server 10.2.9.23, what is this host/server route out the LAN network to the Internet?

The route of 10.2.9.23 is 10.2.9.1

Does it go through straight through the Juniper OR does it go through the ASA?

It goes to the juniper

I am starting to think that your problem might be that the Juniper is acting as the Internet gateway for all your LAN networks and the VPN user traffic coming through the ASA is reaching the LAN hosts but from them routed directly out the Juniper instead of routed back to the ASA.

very likely possible. all the zones/vlan goes to the untrust interface in the juniper for internet traffic

Super Bronze

Cannot connect to Internal Network from SSL VPN

Hi,

I guess the ASA is only used for VPN purposes (at the moment atleast)

Sadly, I am not familiar with the Juniper devices as I have only used Cisco to this day.

If I have understood the situation correctly, then it would seem to me that the problem might simply be that the Juniper doesnt know how to forward the traffic destined to the VPN Pool 10.255.255.0/24 from the LAN 10.2.9.0/24. It is perhaps trying to use its default route to forward the traffic to the Internet instead of the ASA.

So I would confirm that the Juniper has a route atleast for the network 10.255.255.0/24 pointing towards the gateway address which would be ASA "inside" interface IP address.

I just can't see a problem with the actual configuration of the ASA at the moment. And since traffic to the 10.2.255.17 or any LAN host doesnt work it would seem that simply is no return route to forward the VPN users traffic back to the ASA.

- Jouni

New Member

Re: Cannot connect to Internal Network from SSL VPN

One more information I like to add is that we currently have Cisco VPN concentrator 3000 working as VPN only. the VPN concentrator is also using the same router as the ASA 5512.

I think I am going the use the same VPN IP pool as the VPN concentrator and see if that will make any difference.

Thanks a lot Jouni for your help.

Super Bronze

Cannot connect to Internal Network from SSL VPN

Hi,

I would imagine that you are going to run into problems if you are going to use the same VPN Pool.

The routing simply aint going to work for both of the devices at the same time.

Unless you meant that the ASA was replacing the VPN Concentrator and you were going to use the same VPN Pool on the ASA and then switch the ASA to the place of the VPN Concentrator and have a try.

- Jouni

New Member

Re: Cannot connect to Internal Network from SSL VPN

The ASA will replace the VPN concentrator after I get everyting working.

Super Bronze

Cannot connect to Internal Network from SSL VPN

Ok,

Judging by all the things we have gone through so far it would seem to me that you are possibly dealing with a routing related problem that is related to the Juniper configurations more than the actual ASA configurations.

I don't know if I can provide any more help with this other than to suggest confirming the configurations on the Juniper so that its correctly handling the routing for the VPN Pool network configured on the ASA.

The strongest indication of this problem were

  • You were able to PING the ASA "inside" interface from the VPN Client which means traffic came through the VPN and reached the ASA "inside" interface BUT as soon as you pinged the Junipers interface IP that is connected to the ASA "inside" interface, there was no reply. This would match with the behaviour that the Juniper doesnt have a route for the VPN Pool behind ASA:
  • Also the fact that you can ping the LAN network from the ASA directly but not from the VPN Client would point to a problem with routing on the Juniper. This is because when you use the ASA to ping then the ASA will use the "inside" interface IP address as the source for the ping. As this network is between ASA and Juniper directly it means that the Juniper has a directly connected route for this network and there is no problem for routing this traffic.

- Jouni

New Member

Re: Cannot connect to Internal Network from SSL VPN

I am thinking to switch the Asa to transparent mode. But I need same subnet first on the Asa

Sent from Cisco Technical Support iPad App

Super Bronze

Cannot connect to Internal Network from SSL VPN

Hi,

The ASA wont support VPN in Transparent mode.

- Jouni

New Member

Re: Cannot connect to Internal Network from SSL VPN

I added the static route on the juniper and now I can ping 10.2.255.17 but still cannot ping 10.2.9.23. I am close to fix the issue

Sent from Cisco Technical Support iPad App

Super Bronze

Cannot connect to Internal Network from SSL VPN

Hi,

If you can ping the Juniper side of the ASA "inside" link network from the VPN Client then there should not be much problems anymore.

As I dont know the Juniper configuration format at all I am not sure what the problem is. Perhaps something related to firewall rules or perhaps something related to NAT between the interface connected to the LAN and the interface connected to the ASA.

If we were talking about a simple router behind the ASA then the only thing really required for the traffic to be routed correctly would be the static route telling the router that VPN Pool network is found behind 10.2.255.18

- Jouni

New Member

Re: Cannot connect to Internal Network from SSL VPN

Hi ,
Problem solved :). As you just said, I opened firewall rule on the juniper and now I can connect to my internal network.

I can't thank you much for your help. I won't solve the issue without you.

thank you so much.

Sent from Cisco Technical Support iPad App

2244
Views
0
Helpful
30
Replies