Link to home
Start Free TrialLog in
Avatar of bergquistcompany
bergquistcompany

asked on

ASA 5525 VPN connects but can't telnet into ASA unless remote to PC on same subnet

Hello EE,
I have a Cisco ASSA5525 on 10.210.x.x network
I can VPN in just fine and get a DHCP address on 10.210.x.x network but cannot telnet into the IP of the Cisco ASA?

I can only telnet into it from RDP into one of the physical machines at the same site as the firewall on the 10.210.x.x network.
I have telnet 0.0.0.0 0.0.0.0 inside but is the VPN even though connected in really outside?
Avatar of Michael Ortega
Michael Ortega
Flag of United States of America image

Need no-proxy-arp route-lookup added to the end of your no NAT statement.

MO
For example:

nat (inside,outside) source static NET_INTERNAL NET_INTERNAL destination static NET_VPN_USERS NET_VPN_USERS

should be:

nat (inside,outside) source static NET_INTERNAL_NET NET_INTERNAL_NET destination static NET_VPN_USERS NET_VPN_USERS no-proxy-arp route-lookup

MO
Though I'd also mention that you need to be running System software version 8.4.2 or newer.

MO
Avatar of bergquistcompany
bergquistcompany

ASKER

That worked but why?
ASKER CERTIFIED SOLUTION
Avatar of Michael Ortega
Michael Ortega
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
awesome thanks