Solved: Re: Problem VPN and VLAN

Julio Saldivar · ‎12-20-2009

Dear, I have the following problem:

ClientVPN ASA --- ---- --- Internet --ASA--VLAN1(192.168.1.0/24)

| - VLAN2

| - VLAN3

VPN= 192.168.10.0/24

When creating the VPN connection with the wizard, the list of networks for the tunnel,

this does not connect and displays the following message:

No translation group found for tcp src outside:192.168.10.2/48257 dst

192.168.1.2/80

This message is the same as it throws when one tries to communicate VLAN on the ASA,

for that reason create the following rules:

static (outside,VLAN1) 192.168.10.0 192.168.10.0 255.255.255.0

static (VLAN1,outside) 192.168.1.0 192.168.1.0 255.255.255.0

which allows communication between the VPN and VLAN1, but I lose internet

access from VLAN1 please help

Ivan Martinon · ‎12-21-2009

Julio,

You need to add nat exempt from your internal vlans towards your VPN address pool, something like this:

access-list nonat permit ip 192.168.1.0 255.255.255.0 192.168.10.0 255.255.255.0

nat (inside) 0 access-list nonat

this will allow communication from inside 192.168.1.0/24 to the vpn client, you would need to add the remaining lines for the remaining vlans and apply them on the needed vlans if they are on different interfaces of course.

View solution in original post

Ivan Martinon · ‎12-21-2009

Julio,

You need to add nat exempt from your internal vlans towards your VPN address pool, something like this:

access-list nonat permit ip 192.168.1.0 255.255.255.0 192.168.10.0 255.255.255.0

nat (inside) 0 access-list nonat

this will allow communication from inside 192.168.1.0/24 to the vpn client, you would need to add the remaining lines for the remaining vlans and apply them on the needed vlans if they are on different interfaces of course.