Cisco Support Community
New Member

remote VPN issue

We have a remote VPN connection issue. The remote users behind the ASA need to access servers behind the VPN concentrator. Right now the VPN session can be established, but remote users with a private IP address like 192.168.x.x are not able to access the servers. They can if the remote workstation is assigned a public IP address directly. It looks like the issue is from NAT on the ASA. Could you give me some specific advice on where I should check? Thanks a lot!

3 REPLIES
Cisco Employee

Re: remote VPN issue

Make sure you are exempting VPN traffic from being NAT'd.

If the network behind the ASA is 192.168.1.0/24, and the network behind the concentrator is 192.168.2.0/24, then you first need to create an ACL:

access-list nonat permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0

Then reference this in a NAT exempt statement:

nat (inside) 0 access-list nonat

Thanks.

PS. if you found this response helpful, please rate it.
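The check below is an added example, not part of the original reply or Cisco's tooling: it reads ASA configuration text in the syntax used above and reports whether a given source/destination pair is covered by an ACL referenced from a `nat (<interface>) 0 access-list` statement. The sample configuration is constructed, the function names are hypothetical, and the parser assumes ACL entries of the form `permit ip <net> <mask> <net> <mask>` only (no `any`, `host` or object-groups).

```python
import ipaddress
import re

# Constructed sample config in the same syntax as the reply above.
SAMPLE_CONFIG = """\
access-list nonat extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list outside_in extended permit tcp any host 203.0.113.10 eq 443
nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface
"""

# Assumption: only "permit ip <net> <mask> <net> <mask>" entries are parsed.
ACE_RE = re.compile(
    r"^access-list\s+(\S+)\s+(?:extended\s+)?permit\s+ip\s+"
    r"(\d\S+)\s+(\d\S+)\s+(\d\S+)\s+(\d\S+)\s*$"
)
NAT0_RE = re.compile(r"^nat\s+\((\S+)\)\s+0\s+access-list\s+(\S+)\s*$")


def parse_nat_exemptions(config):
    """Return {interface: [(src_net, dst_net), ...]} for each NAT-exempt rule."""
    aces = {}
    lines = [line.strip() for line in config.splitlines()]
    for line in lines:
        m = ACE_RE.match(line)
        if m:
            name, src, smask, dst, dmask = m.groups()
            aces.setdefault(name, []).append(
                (ipaddress.ip_network(f"{src}/{smask}"),
                 ipaddress.ip_network(f"{dst}/{dmask}")))
    exempt = {}
    for line in lines:
        m = NAT0_RE.match(line)
        if m:  # an ACL name with no parsed entries contributes nothing
            exempt.setdefault(m.group(1), []).extend(aces.get(m.group(2), []))
    return exempt


def is_exempt(config, interface, src_ip, dst_ip):
    """True if src_ip -> dst_ip matches a NAT-exempt ACL entry on the interface."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    return any(src in s and dst in d
               for s, d in parse_nat_exemptions(config).get(interface, []))


if __name__ == "__main__":
    for pair in [("192.168.1.25", "192.168.2.10"), ("192.168.1.25", "198.51.100.7")]:
        print(pair, "exempt" if is_exempt(SAMPLE_CONFIG, "inside", *pair) else "translated")
```
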

New Member

Re: remote VPN issue

Thanks for your quick response. I just forgot one thing about my situation. When the remote users come in, they will be assigned another IP address by the VPN concentrator, like 192.168.2.X, different from the current one. Is the firewall rule you suggested still used? Thx

Cisco Employee

Re: remote VPN issue

The problem you are experiencing is on the ASA, and that is where you had to make the change. The concentrator will automatically handle NAT, etc. issues.
