
no-nat on vpn tunnel still not working.

nwhitaker2 asked
Last Modified: 2012-05-07
VPN connection works but I cannot get to the inside network so I can access my server on 192.168.1.100 or any other address.  I thought my no-nat config was good.  Can anyone tell me from the config below what I need to change to make this work?

Any and all help is greatly appreciated.
Result of the command: "sh conf"
 
: Saved
: Written by enable_15 at 16:25:49.758 EDT Wed Aug 26 2009
!
ASA Version 8.2(1) 
!
hostname donaway
enable password QjGE.CdLq7NqL6iv encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0 
!
interface Vlan2
 nameif outside
 security-level 0
 ip address x.x.x.232 255.255.255.0 
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
banner exec Unauthorized access to this device is prohibited - anyone who abuses this will be prosecuted.
banner login Unauthorized access to this device is prohibited - anyone who abuses this will be prosecuted.
banner motd Unauthorized access to this device is prohibited - anyone who abuses this will be prosecuted.
banner asdm Unauthorized access to this device is prohibited - anyone who abuses this will be prosecuted.
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
same-security-traffic permit inter-interface
access-list inside_access_in extended permit ip any any 
access-list outside_access_in extended permit ip any any 
access-list outside_access_in extended permit icmp any any echo-reply 
access-list donvpn_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0 
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.200.0 255.255.255.0 
pager lines 24
logging enable
logging list donaway level emergencies class config
logging asdm informational
logging from-address traps@bdktechs.com
logging recipient-address traps@bdktechs.com level errors
logging debug-trace
logging ftp-bufferwrap
logging ftp-server 74.208.77.210 /syslog donaway l3tm31n
mtu inside 1500
mtu outside 1500
ip local pool donvpnpool 192.168.200.100-192.168.200.131 mask 255.255.255.224
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any outside
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 162.84.43.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 outside
snmp-server location Don
snmp-server contact Nathan Whitaker
snmp-server community public
snmp-server enable traps snmp authentication linkup linkdown coldstart
snmp-server enable traps syslog
snmp-server enable traps ipsec start stop
snmp-server enable traps entity config-change fru-insert fru-remove
snmp-server enable traps remote-access session-threshold-exceeded
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac 
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac 
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac 
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac 
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac 
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac 
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac 
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac 
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac 
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac 
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
client-update enable
vpn-addr-assign local reuse-delay 30
telnet timeout 60
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 60
console timeout 0
management-access inside
vpdn username donaways password 8986q279 store-local
dhcpd address 192.168.1.101-192.168.1.131 inside
dhcpd dns 71.242.0.12 71.252.0.12 interface inside
dhcpd domain dondom interface inside
dhcpd auto_config outside vpnclient-wins-override interface inside
dhcpd option 5 ip 71.242.0.12 71.252.0.12 interface inside
dhcpd enable inside
!
 
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy DfltGrpPolicy attributes
group-policy donvpn internal
group-policy donvpn attributes
 dns-server value 71.242.0.12 71.252.0.12
 vpn-filter value inside_nat0_outbound
 vpn-tunnel-protocol IPSec l2tp-ipsec svc 
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value donvpn_splitTunnelAcl
 default-domain value dondom
 address-pools value donvpnpool
username bdkinc password xMdLfE3U39Cwn8EL encrypted privilege 0
username bdkinc attributes
 vpn-group-policy donvpn
username ernie password Uhv2RcbQoZ/JPGKL encrypted privilege 0
username ernie attributes
 vpn-group-policy donvpn
username don4 password .H/k9epDqxDDu9tt encrypted privilege 0
username don4 attributes
 vpn-group-policy donvpn
username don2 password 7uBGBOVRE0SpkYIF encrypted privilege 0
username don2 attributes
 vpn-group-policy donvpn
username don3 password GCNXzD.AaHZuc/4q encrypted privilege 0
username don3 attributes
 vpn-group-policy donvpn
username don1 password 5FFM.Ww3w5eygSZ3 encrypted privilege 0
username don1 attributes
 vpn-group-policy donvpn
tunnel-group donvpn type remote-access
tunnel-group donvpn general-attributes
 address-pool donvpnpool
 default-group-policy donvpn
tunnel-group donvpn ipsec-attributes
 pre-shared-key *
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map 
  inspect ftp 
  inspect h323 h225 
  inspect h323 ras 
  inspect rsh 
  inspect rtsp 
  inspect esmtp 
  inspect sqlnet 
  inspect skinny  
  inspect sunrpc 
  inspect xdmcp 
  inspect sip  
  inspect netbios 
  inspect tftp 
!
service-policy global_policy global
prompt hostname context 
Cryptochecksum:53398f63bd3609de7695ec6cc8ef3c87
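
An added check, not part of the original post or of the thread's answer: in the ASA 8.2 syntax shown above, an extended ACL exempts traffic from NAT only when a `nat (<interface>) 0 access-list <name>` statement references it. The Python sketch below flags VPN address pools whose exemption ACL is defined but never bound; the function name and the constructed excerpt (four lines copied from the posted config) are assumptions for illustration.

```python
import ipaddress
import re

# Constructed excerpt: the four NAT-relevant lines from the posted config.
SAMPLE = """\
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.200.0 255.255.255.0
ip local pool donvpnpool 192.168.200.100-192.168.200.131 mask 255.255.255.224
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
"""

ACL_RE = re.compile(r"^access-list (\S+) extended permit ip (\S+) (\S+) (\S+) (\S+)\s*$")
NAT0_RE = re.compile(r"^nat \((\S+)\) 0 access-list (\S+)\s*$")
POOL_RE = re.compile(r"^ip local pool (\S+) (\S+)-(\S+)")


def audit_nat_exemption(config):
    """Return findings about NAT exemption for VPN pools (ASA 8.2 syntax)."""
    acls, bound, pools = {}, set(), {}
    for line in config.splitlines():
        line = line.strip()
        if m := ACL_RE.match(line):
            try:  # only the "network mask" form is handled; skip host/any forms
                dst = ipaddress.ip_network(f"{m[4]}/{m[5]}")
            except ValueError:
                continue
            acls.setdefault(m[1], []).append(dst)
        elif m := NAT0_RE.match(line):
            bound.add(m[2])  # ACL actually applied as a NAT exemption
        elif m := POOL_RE.match(line):
            pools[m[1]] = (ipaddress.ip_address(m[2]), ipaddress.ip_address(m[3]))
    findings = []
    for name, (first, last) in pools.items():
        # ACLs whose destination network contains the whole pool range
        covering = [a for a, dsts in acls.items()
                    if any(first in d and last in d for d in dsts)]
        if not covering:
            findings.append(f"pool {name}: no extended ACL lists it as a destination")
        elif not any(a in bound for a in covering):
            findings.append(f"pool {name}: ACL {', '.join(covering)} is defined but "
                            "no 'nat (<if>) 0 access-list' line references it")
    return findings


if __name__ == "__main__":
    for finding in audit_nat_exemption(SAMPLE):
        print(finding)
```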
