
VPN clients connect to ASA 5510 but cannot pass traffic

mbazan
Level 1

ASA 5510 8.2(1) w/ Cisco VPN client 5.0.05.0290 on XP/Vista. Clients successfully connect to ASA and receive IP address but cannot pass any traffic over tunnel. Any suggestions? Attached is config of ASA. Thanks-

1 Reply

hdashnau
Cisco Employee

You are missing NAT exemption (nonat) between your inside network and the VPN pool.

Let's say hypothetically you give VPN clients IPs 172.16.4.1-254/24 and on the inside of the ASA you have 192.168.1.0/24 and 192.168.10.0/24. You would need NAT exemption as follows for this:

access-list nonat permit ip 192.168.1.0 255.255.255.0 172.16.4.0 255.255.255.0

access-list nonat permit ip 192.168.10.0 255.255.255.0 172.16.4.0 255.255.255.0

nat (inside) 0 access-list nonat

-heather
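
The check described in the reply above can be automated when reviewing a saved configuration. This is an added example, not part of the original thread and not a Cisco tool: the function name `missing_nat_exemptions` and the sample config are constructed for illustration, and it assumes 8.2-style `nat (if) 0 access-list` syntax with plain network/mask ACL entries (entries using `any`, `host` or object-groups are ignored).

```python
import ipaddress
import re

# Constructed sample (not the poster's config): only 192.168.1.0/24 is exempted.
SAMPLE_CONFIG = """\
ip local pool vpnpool 172.16.4.1-172.16.4.254 mask 255.255.255.0
access-list nonat extended permit ip 192.168.1.0 255.255.255.0 172.16.4.0 255.255.255.0
nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
# "extended" is optional when typed but appears in the running config.
ACL_RE = re.compile(rf"^access-list (\S+) (?:extended )?permit ip {IP} {IP} {IP} {IP}\s*$")
NAT0_RE = re.compile(r"^nat \((\S+)\) 0 access-list (\S+)\s*$")


def _net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def missing_nat_exemptions(config, inside_nets, vpn_pool, interface="inside"):
    """Return the inside networks that have no nat 0 ACL entry toward vpn_pool."""
    acls, nat0_acls = {}, set()
    for line in config.splitlines():
        line = line.strip()
        m = ACL_RE.match(line)
        if m:
            name, src, smask, dst, dmask = m.groups()
            acls.setdefault(name, []).append((_net(src, smask), _net(dst, dmask)))
            continue
        m = NAT0_RE.match(line)
        if m and m.group(1) == interface:
            nat0_acls.add(m.group(2))  # ACL bound to NAT exemption on this interface
    pool = ipaddress.ip_network(vpn_pool)
    missing = []
    for net in map(ipaddress.ip_network, inside_nets):
        # Covered when one entry matches the whole inside net and the whole pool.
        covered = any(net.subnet_of(src) and pool.subnet_of(dst)
                      for name in nat0_acls for src, dst in acls.get(name, []))
        if not covered:
            missing.append(str(net))
    return missing


if __name__ == "__main__":
    inside = ["192.168.1.0/24", "192.168.10.0/24"]
    print(missing_nat_exemptions(SAMPLE_CONFIG, inside, "172.16.4.0/24"))
```
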
