
Need Help


Use a static route between 3750X_Main and the ASA.

Only permit Internet access for connections to 3750X_Main.



! interfaces
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address
dns domain-lookup outside
dns server-group DefaultDNS

domain-name default.domain.invalid
same-security-traffic permit intra-interface
! network objects (subnets/hosts not shown in the post)
object network INSIDE_OUTSIDE

object network INSIDE

object network WEB_SERVER

object network VPN_CLIENT

object network VPN_LOCAL

object-group network VPN_REMOTE

! access lists and VPN address pool
access-list 101 extended permit ip any any
access-list split extended permit ip any
ip local pool VPN_CLIENT mask
! NAT
no nat (inside,outside) source dynamic VPN_LOCAL INSIDE destination static VPN_REMOTE VPN_REMOTE
no nat (outside,outside) source dynamic VPN_CLIENT INSIDE destination static VPN_REMOTE VPN_REMOTE
no nat (outside,inside) source static VPN_REMOTE VPN_REMOTE destination static VPN_LOCAL VPN_LOCAL
no nat (outside,inside) source static VPN_CLIENT VPN_CLIENT destination static VPN_LOCAL VPN_LOCAL

object network INSIDE_OUTSIDE
 nat (inside,outside) dynamic interface
object network WEB_SERVER
 nat (inside,outside) static interface service tcp 4000 4000
access-group 101 in interface outside
! routing
route outside 1
route inside 1
route inside 1
! IKEv1 / IPsec
aaa authentication ssh console LOCAL
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto dynamic-map DYNMAP 1 set ikev1 transform-set ESP-3DES-MD5
crypto dynamic-map DYNMAP 1 set reverse-route
crypto map OUTSIDEMAP 1 ipsec-isakmp dynamic DYNMAP
crypto map OUTSIDEMAP interface outside
crypto ikev1 enable outside
crypto ikev1 policy 10
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 28800
! management access
telnet inside
telnet timeout 5
ssh outside
ssh timeout 30
ssh version 2
console timeout 0
management-access inside
dhcpd address management
dhcpd enable management
! remote-access VPN
group-policy VPN_CLIENT internal
group-policy VPN_CLIENT attributes
 vpn-tunnel-protocol ikev1
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value split
 address-pools value VPN_CLIENT
username cisco password 3USUcOPFUiMCO4Jk encrypted
username cisco attributes
 vpn-group-policy VPN_CLIENT
tunnel-group DefaultL2LGroup ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group VPN_CLIENT type remote-access
tunnel-group VPN_CLIENT general-attributes
 default-group-policy VPN_CLIENT
tunnel-group VPN_CLIENT ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group-map default-group DefaultL2LGroup


As shown above:

1. EzVPN_Client can access L2L_PC.

2. EzVPN_Client can access .

3. EzVPN_Client cannot access ; can access L2L_PC, but once L2L_PC accesses , cannot access L2L_PC.

5. and L2L_PC can access each other at any time.

Why? I need help.
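Before chasing the reachability question, a reviewer would note what the posted config itself exposes: an ACL that permits any IP traffic inbound on the outside interface, an IKEv1 policy and transform set built on 3DES/MD5 with DH group 2, Telnet enabled for management, and a console that never times out. The script below is an added example, not the poster's configuration or a Cisco tool. It parses ASA-style config text into parent/child blocks and flags those settings; the sample config is constructed from the fragments in the post, and the management-access addresses the post omitted are filled with placeholder addresses. A second, constructed snippet shows the corresponding hardened settings and audits clean.

```python
"""Audit a Cisco ASA running-config for weak or risky settings.
Added example, not the poster's config or a Cisco tool; the sample configs
below are constructed (addresses are placeholders)."""
import re
from collections import defaultdict

# Constructed sample: fragments from the post, re-indented as the ASA prints them.
SAMPLE_CONFIG = """\
same-security-traffic permit intra-interface
access-list 101 extended permit ip any any
access-list split extended permit ip any
access-group 101 in interface outside
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ikev1 policy 10
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 28800
telnet 10.0.0.0 255.255.255.0 inside
telnet timeout 5
ssh 192.0.2.0 255.255.255.0 outside
ssh version 2
console timeout 0
"""

# Constructed hardened counterpart: a scoped inbound ACL, AES-256/SHA,
# DH group 14, SSH only, and a real console timeout.
HARDENED_CONFIG = """\
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq 4000
access-group OUTSIDE_IN in interface outside
crypto ipsec ikev1 transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 14
ssh 192.0.2.0 255.255.255.0 outside
ssh version 2
console timeout 10
"""

WEAK_ENCRYPTION = {"des", "3des"}
WEAK_HASH = {"md5"}
WEAK_DH_GROUPS = {"1", "2", "5"}


def parse_blocks(text):
    """Group config lines into (parent, [children]) using the ASA one-space indent."""
    blocks = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue  # blanks and '!' comments carry no configuration
        if raw.startswith(" ") and blocks:
            blocks[-1][1].append(raw.strip())
        else:
            blocks.append((raw.strip(), []))
    return blocks


def audit(text):
    """Return sorted finding codes for the given ASA config text."""
    findings = set()
    blocks = parse_blocks(text)

    # Collect ACL entries first so each access-group can be checked in one pass.
    acl_entries = defaultdict(list)
    for parent, _ in blocks:
        m = re.match(r"access-list (\S+) extended (.+)", parent)
        if m:
            acl_entries[m.group(1)].append(m.group(2))

    for parent, children in blocks:
        m = re.match(r"access-group (\S+) in interface (\S+)", parent)
        if m and any(re.search(r"\bpermit ip any(?:4|6)? any\b", e)
                     for e in acl_entries[m.group(1)]):
            findings.add(f"inbound-permit-any:{m.group(2)}")

        m = re.match(r"crypto ikev1 policy (\d+)", parent)
        if m:
            tag = f"ikev1-policy-{m.group(1)}"
            for child in children:
                key, _, value = child.partition(" ")
                if key == "encryption" and value in WEAK_ENCRYPTION:
                    findings.add(f"{tag}:weak-encryption-{value}")
                elif key == "hash" and value in WEAK_HASH:
                    findings.add(f"{tag}:weak-hash-{value}")
                elif key == "group" and value in WEAK_DH_GROUPS:
                    findings.add(f"{tag}:weak-dh-group-{value}")

        m = re.match(r"crypto ipsec ikev1 transform-set (\S+) (.+)", parent)
        if m:
            tag = f"transform-set-{m.group(1)}"
            algs = set(m.group(2).split())
            if algs & {"esp-des", "esp-3des", "esp-null"}:
                findings.add(f"{tag}:weak-cipher")
            if "esp-md5-hmac" in algs or not any(a.endswith("-hmac") for a in algs):
                findings.add(f"{tag}:weak-integrity")

        # 'telnet <addr> <mask> <iface>' enables cleartext management on <iface>.
        if parent.startswith("telnet ") and not parent.startswith("telnet timeout"):
            findings.add(f"telnet-enabled:{parent.split()[-1]}")
        if parent == "ssh version 1":
            findings.add("ssh-version-1")
        if parent == "console timeout 0":
            findings.add("console-timeout-0")  # 0 means the console never times out

    return sorted(findings)


if __name__ == "__main__":
    for code in audit(SAMPLE_CONFIG):
        print(code)
    print("hardened findings:", audit(HARDENED_CONFIG))
```

Running the script against the constructed sample lists eight findings, one per weak setting visible in the post, and none for the hardened snippet. The checks are deliberately literal (exact `permit ip any any`, named weak algorithms) so that anything flagged can be traced to a specific line of the config.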
