Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

You may experience some slow load times, errors, and slight inconsistencies. We ask for your patience as we finalize the launch. Thank you.

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our beta test area to get started.

New Member

VPN clients connect to ASA 5510 but cannot pass traffic

ASA 5510 8.2(1) w/ Cisco VPN client 5.0.05.0290 on XP/Vista. Clients successfully connect to ASA and receive IP address but cannot pass any traffic over tunnel. Any suggestions? Attached is config of ASA Thanks-

  • VPN
1 REPLY
Cisco Employee

Re: VPN clients connect to ASA 5510 but cannot pass traffic

You are missing nat exemption (nonat) between your inside network and the vpn pool.

Lets say hypothetically you give vpn clients ips 172.16.4.1-254/24 and on the inside of the ASA you have 192.168.1.0/24 and 192.168.10.0/24. You would need nat exemption as follows for this:

access-list nonat permit ip 192.168.1.0 255.255.255.0 172.16.4.0 255.255.255.0

access-list nonat permit ip 192.168.10.0 255.255.255.0 172.16.4.0 255.255.255.0

nat (inside) 0 access-list nonat

-heather

225
Views
0
Helpful
1
Replies