Solved

ASA 5525 VPN connects but can't telnet into ASA unless remote to PC on same subnet

Posted on 2014-03-02
6
968 Views
Last Modified: 2014-03-10
Hello EE,
I have a Cisco ASSA5525 on 10.210.x.x network
I can VPN in just fine and get a DHCP address on 10.210.x.x network but cannot telnet into the IP of the Cisco ASA?

I can only telnet into it from RDP into one of the physical machines at the same site as the firewall on the 10.210.x.x network.
I have telnet 0.0.0.0 0.0.0.0 inside but is the VPN even though connected in really outside?
0
Comment
Question by:bergquistcompany
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 16

Expert Comment

by:Michael Ortega
ID: 39898917
Need no-proxy-arp route-lookup added to the end of your no NAT statement.

MO
0
 
LVL 16

Expert Comment

by:Michael Ortega
ID: 39898922
For example:

nat (inside,outside) source static NET_INTERNAL NET_INTERNAL destination static NET_VPN_USERS NET_VPN_USERS

should be:

nat (inside,outside) source static NET_INTERNAL_NET NET_INTERNAL_NET destination static NET_VPN_USERS NET_VPN_USERS no-proxy-arp route-lookup

MO
0
 
LVL 16

Expert Comment

by:Michael Ortega
ID: 39898947
Though I'd also mention that you need to be running System software version 8.4.2 or newer.

MO
0
How to Defend Against the WCry Ransomware Attack

On May 12, 2017, an extremely virulent ransomware variant named WCry 2.0 began to infect organizations. Within several hours, over 75,000 victims were reported in 90+ countries. Learn more from our research team about this threat & how to protect your organization!

 

Author Comment

by:bergquistcompany
ID: 39910896
That worked but why?
0
 
LVL 16

Accepted Solution

by:
Michael Ortega earned 500 total points
ID: 39916448
0
 

Author Closing Comment

by:bergquistcompany
ID: 39919288
awesome thanks
0

Featured Post

Webinar June 1st - Attacking Ransomware  

The global cyberattack that corrupted hundreds of thousands of computer systems on May 12th had a face, name, & price tag that we’ve seen all too often in recent years: Ransomware. With the stakes – and costs – of a ransomware attack higher than ever, is your business prepared ?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you have an ASA5510 then this sort of thing would be better handled with a CSC Module, however on an ASA5505 thats not an option, and if you want to throw in a quick solution to stop your staff going to facebook during work time, then this is the…
Overview The Cisco PIX 501, PIX 506e, ASA 5505 and ASA 5510 (most if not all of this information will be relevant to the PIX 515e but I do not have a working configuration handy to verify the validity) are primarily used within small to medium busi…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question