Solved

ASA 5525 VPN connects but can't telnet into ASA unless remote to PC on same subnet

Posted on 2014-03-02
Last Modified: 2014-03-10
Hello EE,
I have a Cisco ASA5525 on the 10.210.x.x network.
I can VPN in just fine and get a DHCP address on 10.210.x.x network but cannot telnet into the IP of the Cisco ASA?

I can only telnet into it from RDP into one of the physical machines at the same site as the firewall on the 10.210.x.x network.
I have telnet 0.0.0.0 0.0.0.0 inside, but is the VPN, even though connected, really outside?
Question by:bergquistcompany
 
LVL 16
ID: 39898917
Need no-proxy-arp route-lookup added to the end of your no NAT statement.

MO
 
LVL 16
ID: 39898922
For example:

nat (inside,outside) source static NET_INTERNAL NET_INTERNAL destination static NET_VPN_USERS NET_VPN_USERS

should be:

nat (inside,outside) source static NET_INTERNAL_NET NET_INTERNAL_NET destination static NET_VPN_USERS NET_VPN_USERS no-proxy-arp route-lookup

MO
 
LVL 16
ID: 39898947
Thought I'd also mention that you need to be running System software version 8.4.2 or newer.

MO
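
An added example, not part of the original thread: a Python check that scans an ASA configuration for identity (no-NAT) rules of the form shown in the answer above and reports any that lack `no-proxy-arp route-lookup`, together with the corrected line. The sample configuration is constructed, and `NET_SERVERS` is a hypothetical object name.

```python
import re

# Twice-NAT rule of the form used in the answer above:
#   nat (real,mapped) source static A B destination static C D [options]
NAT_RE = re.compile(
    r"^nat \((?P<real>[^,]+),(?P<mapped>[^)]+)\)\s+"
    r"(?:after-auto\s+)?(?:\d+\s+)?"
    r"source static (?P<s_real>\S+) (?P<s_map>\S+)\s+"
    r"destination static (?P<d_map>\S+) (?P<d_real>\S+)"
    r"(?P<tail>.*)$"
)
REQUIRED = ("no-proxy-arp", "route-lookup")

# Constructed sample config; NET_SERVERS is a hypothetical object name.
SAMPLE_CONFIG = """\
telnet 0.0.0.0 0.0.0.0 inside
nat (inside,outside) source static NET_INTERNAL NET_INTERNAL destination static NET_VPN_USERS NET_VPN_USERS
nat (inside,outside) source static NET_SERVERS NET_SERVERS destination static NET_VPN_USERS NET_VPN_USERS no-proxy-arp route-lookup
nat (inside,outside) source dynamic any interface
"""


def audit_identity_nat(config):
    """Return one finding per identity (no-NAT) rule missing a required keyword."""
    findings = []
    for lineno, raw in enumerate(config.splitlines(), start=1):
        line = raw.strip()
        m = NAT_RE.match(line)
        if not m:
            continue
        # Identity NAT: source and destination each translate to themselves.
        if m["s_real"] != m["s_map"] or m["d_map"] != m["d_real"]:
            continue
        # Keep free-text descriptions out of the keyword check.
        opts, sep, desc = m["tail"].partition(" description ")
        present = opts.split()
        missing = [kw for kw in REQUIRED if kw not in present]
        if not missing:
            continue
        # Rebuild the rule with both keywords ahead of any other trailing options.
        rest = [tok for tok in present if tok not in REQUIRED]
        rest += ["description", desc] if sep else []
        fixed = " ".join([line[: m.start("tail")].rstrip(), *REQUIRED, *rest])
        findings.append({"line": lineno, "missing": missing, "fixed": fixed})
    return findings


if __name__ == "__main__":
    for f in audit_identity_nat(SAMPLE_CONFIG):
        print(f"line {f['line']}: missing {' '.join(f['missing'])}\n  -> {f['fixed']}")
```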

Author Comment

by:bergquistcompany
ID: 39910896
That worked but why?
 
LVL 16

Accepted Solution

by: Michael Ortega (Internetwerx, Inc.) earned 500 total points
ID: 39916448
 

Author Closing Comment

by:bergquistcompany
ID: 39919288
awesome thanks

Question has a verified solution.