  • Status: Solved

ASA 5520 VLAN Problem

OK...so my admin was working for group policies to restrict access for some VPN users in ASDM. In one of the group policy profiles he hit the "manage" button under General Client Parameters and "Split Tunnel Network List". He unchecked a particular VLAN in that list.

Once that was pushed to the ASA 5520 we lost the ability to ping anything on that VLAN. The router can still see the VLAN - no issue. The servers on that VLAN can ping out to the main one. We just can't ping back.

Found some log entries. We're getting this:

No translation group found for icmp src

VLANC is 172.30.200.0 and VLAN A is 172.30.100.0

VlanC can access VlanA. VlanA CANNOT access VLANC
Asked: taiell0
 
Ernie Beek Commented:
So are you able to roll that back? After that we could have a look at what exactly it is you want and how we can arrange that.

I also added the PIX/ASA topic to your question to draw some more attention.
 
taiell0 (Author) Commented:
The problem ended up being a bug in the 7.2 firmware which kept the rules from re-applying. The exact error was

Unable to download NAT policy for ACE

Cisco TAC removed the nat rules on the vlan and re-created them to get things moving again.
 
taiell0 (Author) Commented:
Problem resolved through Cisco TAC