We have an ASA 5510 Sec+ firewall, and are trying to set up a remote access VPN using AnyConnect. Our internal subnet is 172.16.40.0/22.
Now, when I set the IP pool to give out addresses inside that subnet, i.e. 172.16.42.32 - 172.16.42.96, I can connect to the VPN and ping our servers, but I only get one reply and the rest of the packets are dropped. On the firewall, I can see the packets being denied with this error message:
Following the advice I received in my other thread about this, I set up an IP pool on a new subnet - 172.16.180.0/24. With that setup I was able to connect and become part of the network, RDP/ping etc. So I thought that was the end of the problem, until I was told that the developers could not reach our production servers, which are hosted on another subnet, through the VPN. They are in 172.16.46.0/24 and are located in a colo facility.
Now, we have a Windows RRAS VPN set up which gives out internal subnet IP addresses, and they are able to reach the colo subnet just fine. Is there any way to fix the Cisco VPN to work with assigning internal addresses?
We do not have access at this time to the router at the colo, just their firewall.
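The configuration elements the post refers to, written out as an added example for an ASA running 8.3+ NAT syntax; this is not configuration from the thread and not the thread's answer. Object, pool, group-policy and tunnel-group names are assumed. It uses the in-subnet pool the poster first tried (172.16.42.32-172.16.42.96 inside 172.16.40.0/22) and a split-tunnel list that carries both the internal /22 and the colo 172.16.46.0/24. The identity NAT (NAT exemption) lines are the part a practitioner would check first with an overlapping pool: on ASA 8.3+ they keep pool traffic out of any inside-to-outside translation and make the ASA answer ARP for pool addresses on the inside interface, which is what inside hosts and the colo firewall need when the pool lives inside the LAN subnet. A pool outside 172.16.40.0/22, such as 172.16.180.0/24, would instead need a return route at the colo, which the post says is not reachable.

```cisco
! Added example, not from the original post. Names below are assumptions.
! Address objects for the networks named in the post
object network INSIDE_NET
 subnet 172.16.40.0 255.255.252.0
object network COLO_NET
 subnet 172.16.46.0 255.255.255.0
object network VPN_POOL
 range 172.16.42.32 172.16.42.96

! AnyConnect pool carved out of the inside subnet (mask matches the /22)
ip local pool ANYCONNECT_POOL 172.16.42.32-172.16.42.96 mask 255.255.252.0

! Split tunnel: send both the internal /22 and the colo /24 through the VPN
access-list SPLIT_TUNNEL standard permit 172.16.40.0 255.255.252.0
access-list SPLIT_TUNNEL standard permit 172.16.46.0 255.255.255.0

! Identity NAT (NAT exemption, 8.3+ twice-NAT form) for LAN <-> pool and colo <-> pool.
! Leaving "no-proxy-arp" off these lines lets the ASA proxy-ARP for pool addresses
! on the inside interface, which an in-subnet pool depends on.
nat (inside,outside) source static INSIDE_NET INSIDE_NET destination static VPN_POOL VPN_POOL
nat (inside,outside) source static COLO_NET COLO_NET destination static VPN_POOL VPN_POOL

! Group policy and tunnel group tying the pool and split-tunnel list to AnyConnect
group-policy ANYCONNECT_GP internal
group-policy ANYCONNECT_GP attributes
 vpn-tunnel-protocol ssl-client
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL
 address-pools value ANYCONNECT_POOL

tunnel-group ANYCONNECT_TG type remote-access
tunnel-group ANYCONNECT_TG general-attributes
 default-group-policy ANYCONNECT_GP
```

To confirm the NAT lines are matching VPN traffic, `show nat detail` shows hit counts per rule, and `packet-tracer input outside icmp 172.16.42.40 8 0 172.16.46.10` walks a simulated pool-to-colo packet through the NAT and ACL phases so a denied flow shows which phase dropped it.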