Cisco Support Community
U-Turn anyconnect with public IP addresses

Hello everyone,

I want to set up AnyConnect on an ASA5505, but I cannot reach anything when I'm connected.

The client must receive a public IP address and all traffic must pass through the VPN tunnel.

The ASA has only one interface connected (outside) and a public IP address.

The public IP subnet for VPN is routed to the ASA.

I don't have any "internal" network and I don't need one.

VPN clients must be able to exchange traffic between them.

 

My network setup:

- ASA outside IP: x.y.z.19

- IP range allocated to VPN: x.y.z.48 to x.y.z.63

- There is a firewall rule that allows the VPN IP range to any, and from any to the VPN IP range, on the "global" interface.

 

If I establish a VPN connection, I receive an IP address, for example x.y.z.50

 

Traceroute from external location to x.y.z.50 for example shows x.y.z.19 as last hop, so routing is working properly.

From the VPN client, I cannot ping or reach anything on x.y.z.19 nor 8.8.8.8

Packet tracer in ASDM from x.y.z.50 to 8.8.8.8 shows that the packet can pass.

 

What am I missing? Do I need to use NAT even if I don't have any inside network?

Thanks for your help!

Accepted Solutions

Hi,

 

Yes. You have to enable same-security-traffic permit intra-interface, as you come and go via the same interface. You need to do no-NAT with (outside,outside) with your VPN address.

 

Regards

Karthik
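
The two settings named in the accepted answer, written out as an added configuration sketch (not from the original thread). It assumes ASA software 8.3 or later (object-based NAT syntax); the object name VPN-POOL is made up for this example, and x.y.z is the masked prefix from the question.

```cisco
! Added example. Assumption: ASA 8.3+ syntax. VPN-POOL is a constructed name.
! x.y.z is the masked public prefix used in the question.

! 1. Hairpinning (U-turn): allow traffic to enter and leave the same interface.
!    Needed for client -> Internet and client -> client, since both paths
!    arrive on outside (decrypted) and leave on outside again.
same-security-traffic permit intra-interface

! 2. The allocated range x.y.z.48 to x.y.z.63 is exactly one /28.
object network VPN-POOL
 subnet x.y.z.48 255.255.255.240

! 3. Identity ("no-NAT") rule for outside -> outside, so clients keep
!    their routed public addresses instead of being translated.
nat (outside,outside) source static VPN-POOL VPN-POOL

! --- Checks from privileged EXEC mode ---
! Confirm the hairpin permit is present in the running configuration.
show running-config same-security-traffic

! Confirm the identity rule exists and watch its hit counters while a
! connected client pings 8.8.8.8.
show nat detail

! Show whether decrypted VPN traffic bypasses interface access lists
! ("sysopt connection permit-vpn", enabled by default).
show running-config all sysopt

! Re-run the trace from the question: ICMP echo (type 8, code 0) from a
! client address to 8.8.8.8, entering on outside.
packet-tracer input outside icmp x.y.z.50 8 0 8.8.8.8
```

With `sysopt connection permit-vpn` at its default, decrypted client traffic is not checked against interface access lists, so once hairpinning is enabled, client-to-client traffic is unfiltered unless a `vpn-filter` is applied in the group policy.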

2 REPLIES

Hi

Cisco ASA - Remote VPN Client Internet Access

You want 'Option 2'

 

Pete

 
