ASA 5505 VPN setup. VPN works but still unable to reach devices in the inside network.

Posted by chickenloop on Server Fault
Published on 2012-11-17T21:19:33Z Indexed on 2012/11/17 23:05 UTC

I've set up a Remote Access VPN on my Cisco ASA 5505. I'm able to connect to my ASA via my phone or the Cisco client, but I'm unable to reach devices in my inside LAN when connected via VPN.

The setup is the following:

Inside Network: 10.0.0.0/24
VPN_POOL: 172.16.0.0/24
Outside Network: 192.168.1.0/24

The ASA is not the perimeter router; there is another device on the 192.168.1.0/24 network which is connected to my cable provider. Obviously UDP ports 500 and 4500 are forwarded to the ASA's outside interface. Everything works perfectly, besides the VPN stuff. Config:

interface Vlan1
 nameif inside
 security-level 100
 ip address 10.0.0.254 255.255.255.0

interface Vlan2
 description Outside Interface
 nameif outside
 security-level 0
 ip address 192.168.1.254 255.255.255.0

object network VPNPOOL
 subnet 172.16.0.0 255.255.255.0

object network INSIDE_LAN
 subnet 10.0.0.0 255.255.255.0

Then the exempt NAT rule.

nat (inside,outside) source static INSIDE_LAN INSIDE_LAN destination static VPNPOOL VPNPOOL

I don't think that the problem is with the VPN config, as I can successfully establish the VPN connection, but just in case I post it here:

group-policy ZSOCA_ASA internal
group-policy ZSOCA_ASA attributes
 vpn-tunnel-protocol ikev1
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Split-Tunnel
 default-domain value default.domain.invalid

tunnel-group ZSOCA_ASA type remote-access
tunnel-group ZSOCA_ASA general-attributes
 address-pool VPNPOOL
 default-group-policy ZSOCA_ASA
tunnel-group ZSOCA_ASA ipsec-attributes
 ikev1 pre-shared-key *****

Any ideas are welcome. Regards.

© Server Fault or respective owner
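
An added example, not part of the original post: a Python check over the configuration lines quoted above. It resolves the object networks used by the exempt NAT rule and lists names the excerpt references without defining them; on ASA, `address-pool` names an `ip local pool` and `split-tunnel-network-list` names an access list, and an `object network` of the same name defines neither. The function name `audit` and the embedded excerpt are constructed for illustration.

```python
import ipaddress
import re

# Constructed input: configuration lines quoted in the post, nothing added.
CONFIG = """\
object network VPNPOOL
 subnet 172.16.0.0 255.255.255.0
object network INSIDE_LAN
 subnet 10.0.0.0 255.255.255.0
nat (inside,outside) source static INSIDE_LAN INSIDE_LAN destination static VPNPOOL VPNPOOL
group-policy ZSOCA_ASA attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Split-Tunnel
tunnel-group ZSOCA_ASA general-attributes
 address-pool VPNPOOL
"""

def audit(config):
    """Return (objects, exempt_pairs, missing) for an ASA config excerpt."""
    objects, current = {}, None
    for line in config.splitlines():
        obj = re.match(r"object network (\S+)", line)
        sub = re.match(r"\s+subnet (\S+) (\S+)", line)
        if obj:
            current = obj.group(1)
        elif sub and current:
            objects[current] = ipaddress.ip_network(f"{sub.group(1)}/{sub.group(2)}")
        elif not line.startswith(" "):
            current = None  # left the object's sub-mode
    # Identity ("exempt") NAT rules: real and mapped object are the same name.
    pairs = re.findall(
        r"^nat \(\S+\) source static (\S+) \1 destination static (\S+) \2",
        config, re.M)
    exempt = [(objects.get(s), objects.get(d)) for s, d in pairs]
    # Names referenced by the VPN config but not defined in this excerpt.
    pools = set(re.findall(r"^ip local pool (\S+)", config, re.M))
    acls = set(re.findall(r"^access-list (\S+)", config, re.M))
    missing = [f"ip local pool {p}"
               for p in re.findall(r"^\s+address-pool (\S+)", config, re.M)
               if p not in pools]
    missing += [f"access-list {a}"
                for a in re.findall(r"split-tunnel-network-list value (\S+)", config)
                if a not in acls]
    return objects, exempt, missing

if __name__ == "__main__":
    objs, exempt, missing = audit(CONFIG)
    for src, dst in exempt:
        print(f"NAT exemption: {src} <-> {dst} (overlap: {src.overlaps(dst)})")
    for item in missing:
        print(f"referenced but not in excerpt: {item}")
```

Running the same check against the full running configuration, rather than the excerpt, shows whether those two definitions exist and which networks they cover.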
