
Cisco ASA 5510 8.25 VPN Client access issues

dr_pr asked on
Hi Experts

I'm having issues with clients accessing inside resources from my SSLVPN pool.

Inside address range 10.10.10.0/24

VPN Pool 10.10.1.0/24

I had the VPN pool statically NAT'ed to the inside addresses and it worked fine, but I don't want to use this configuration.

Commands used

NAT Exemption

access-list NONAT extended permit ip 10.10.10.0 255.255.255.0 10.10.1.0 255.255.255.0
nat (inside) 0 access-list NONAT

I also tried

access-list NONAT extended permit ip 10.10.1.0 255.255.255.0 10.10.10.0 255.255.255.0
nat (inside) 0 access-list NONAT

I have a static route set 0.0.0.0 0.0.0.0 <outside interface ip>

Am I missing a route to get to the VPN Pool or something?

I set another VPN pool using some of the inside addresses (10.10.10.129 - 10.10.10.250) to test my NONAT access-list. This of course worked, as the VPN clients are on the same subnet as the internal resources.


access-list NONAT extended permit ip 10.10.10.0 255.255.255.0 10.10.10.0 255.255.255.0
nat (inside) 0 access-list NONAT

When I try and ping the VPN clients after connection to the VPN, the clients (iPhones) disconnect and reconnect to the VPN.

I can post my config tomorrow if necessary.