bergquistcompany
asked on
ASA 5525 VPN connects but can't telnet into ASA unless remote to PC on same subnet
Hello EE,
I have a Cisco ASSA5525 on 10.210.x.x network
I can VPN in just fine and get a DHCP address on 10.210.x.x network but cannot telnet into the IP of the Cisco ASA?
I can only telnet into it from RDP into one of the physical machines at the same site as the firewall on the 10.210.x.x network.
I have telnet 0.0.0.0 0.0.0.0 inside but is the VPN even though connected in really outside?
I have a Cisco ASSA5525 on 10.210.x.x network
I can VPN in just fine and get a DHCP address on 10.210.x.x network but cannot telnet into the IP of the Cisco ASA?
I can only telnet into it from RDP into one of the physical machines at the same site as the firewall on the 10.210.x.x network.
I have telnet 0.0.0.0 0.0.0.0 inside but is the VPN even though connected in really outside?
For example:
nat (inside,outside) source static NET_INTERNAL NET_INTERNAL destination static NET_VPN_USERS NET_VPN_USERS
should be:
nat (inside,outside) source static NET_INTERNAL_NET NET_INTERNAL_NET destination static NET_VPN_USERS NET_VPN_USERS no-proxy-arp route-lookup
MO
nat (inside,outside) source static NET_INTERNAL NET_INTERNAL destination static NET_VPN_USERS NET_VPN_USERS
should be:
nat (inside,outside) source static NET_INTERNAL_NET NET_INTERNAL_NET destination static NET_VPN_USERS NET_VPN_USERS no-proxy-arp route-lookup
MO
Though I'd also mention that you need to be running System software version 8.4.2 or newer.
MO
MO
ASKER
That worked but why?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
awesome thanks
MO