I am trying to set up an ASA 5505 for VPN access to a remote site. When connected to VPN I can ping the internal interface (192.168.10.1) but no internal hosts. Also, internal hosts can ping the connected VPN users. VPN users can also browse the internet.
It is not just ping but all services (http/https, etc.). What the heck am I doing wrong?
Are you using both the VPN pool and the internal LAN with the same subnet? If so, please change it to a different segment. Create a no-NAT for the traffic between the VPN pool and the internal LAN subnet. If you are restricting in the access_list on the outside interface, then allow the VPN pool towards the internal LAN.
Allow, in the access-list bound to the outside interface, the traffic between your VPN subnet and the local internal LAN, or you need to give sysopt connection permit vpn to skip the interface ACLs' filtering for VPN users.
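
The suggestions in the replies above, written out as ASA configuration. This is an added example, not part of the original thread. It assumes ASA 8.3+ NAT syntax, interfaces named inside and outside, an internal LAN of 192.168.10.0/24 (inferred from 192.168.10.1), and a constructed VPN pool of 192.168.20.0/24. The object, pool and ACL names are hypothetical.

```cisco
! Constructed addressing: the VPN pool sits in its own subnet,
! separate from the internal LAN (assumed 192.168.10.0/24).
ip local pool VPN-POOL 192.168.20.10-192.168.20.50 mask 255.255.255.0
!
object network OBJ-INSIDE-LAN
 subnet 192.168.10.0 255.255.255.0
object network OBJ-VPN-POOL
 subnet 192.168.20.0 255.255.255.0
!
! "No-NAT" (identity twice NAT): traffic between the internal LAN and the
! VPN pool keeps its real addresses instead of hitting the dynamic PAT rule
! used for internet access.
nat (inside,outside) source static OBJ-INSIDE-LAN OBJ-INSIDE-LAN destination static OBJ-VPN-POOL OBJ-VPN-POOL no-proxy-arp route-lookup
!
! Option A: decrypted VPN traffic bypasses interface ACLs.
sysopt connection permit-vpn
!
! Option B: if "no sysopt connection permit-vpn" is configured, VPN traffic is
! filtered by the ACL bound to the outside interface, so permit the pool
! explicitly. Narrow this to the services VPN users actually need.
access-list OUTSIDE-IN extended permit ip 192.168.20.0 255.255.255.0 192.168.10.0 255.255.255.0
access-group OUTSIDE-IN in interface outside
!
! Checks after applying (host addresses below are constructed):
!   show running-config nat
!   show nat detail
!   packet-tracer input inside icmp 192.168.10.50 8 0 192.168.20.10 detailed
```

Only one of Option A or Option B is needed. In the packet-tracer output, the NAT phase should match the identity rule rather than a dynamic translation.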