Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN Connected but cannot access LAN

Hi,

I can connect to the VPN via Cisco VPN Client but I cannot ping any ip from the LAN. I already tried the crypto isakmp nat-traversal 20 but still no luck. I am attaching my config. Hope you can help. Thanks

3 REPLIES
Cisco Employee

Re: VPN Connected but cannot access LAN

If you have just tested ping through the vpn client connection, then you need to allow icmp inspection as follows:

policy-map global_policy
class inspection_default
  inspect icmp

With the current configuration, you should be able to access the inside LAN: 10.238.10.0/24

If you also need access to DMZ subnet, then you would need the following:

access-list dmz-nonat permit ip 192.168.238.0 255.255.255.0 10.88.0.0 255.255.255.0

nat (dmz) 0 access-list dmz-nonat

I also notice that you didn't configure split tunnelling, hence you won't be able to browse the internet once connected via vpn. You can either configure split tunnel, or send all traffic (including internet traffic) towards the ASA via the vpn tunnel.

New Member

Re: VPN Connected but cannot access LAN

Possibly you have a similar issue like this:

https://supportforums.cisco.com/thread/2002837?tstart=0

Please, try to manually add a route (you must do using the administrative command prompt) and ping again.

If you can do, you have exctly my same problem; if so, please, let me know.

Ciao

New Member

Re: VPN Connected but cannot access LAN

Hi,

We got it working now by enabling NAT traversal. Thanks for the help.

1269
Views
6
Helpful
3
Replies
CreatePlease to create content