Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

ASA 5525 VPN connects but can't telnet into ASA unless remote to PC on same subnet

Posted on 2014-03-02
6
Medium Priority
?
994 Views
Last Modified: 2014-03-10
Hello EE,
I have a Cisco ASSA5525 on 10.210.x.x network
I can VPN in just fine and get a DHCP address on 10.210.x.x network but cannot telnet into the IP of the Cisco ASA?

I can only telnet into it from RDP into one of the physical machines at the same site as the firewall on the 10.210.x.x network.
I have telnet 0.0.0.0 0.0.0.0 inside but is the VPN even though connected in really outside?
0
Comment
Question by:bergquistcompany
  • 4
  • 2
6 Comments
 
LVL 16

Expert Comment

by:Michael Ortega
ID: 39898917
Need no-proxy-arp route-lookup added to the end of your no NAT statement.

MO
0
 
LVL 16

Expert Comment

by:Michael Ortega
ID: 39898922
For example:

nat (inside,outside) source static NET_INTERNAL NET_INTERNAL destination static NET_VPN_USERS NET_VPN_USERS

should be:

nat (inside,outside) source static NET_INTERNAL_NET NET_INTERNAL_NET destination static NET_VPN_USERS NET_VPN_USERS no-proxy-arp route-lookup

MO
0
 
LVL 16

Expert Comment

by:Michael Ortega
ID: 39898947
Though I'd also mention that you need to be running System software version 8.4.2 or newer.

MO
0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 

Author Comment

by:bergquistcompany
ID: 39910896
That worked but why?
0
 
LVL 16

Accepted Solution

by:
Michael Ortega earned 2000 total points
ID: 39916448
0
 

Author Closing Comment

by:bergquistcompany
ID: 39919288
awesome thanks
0

Featured Post

Prepare for an Exciting Career in Cybersecurity

Help prevent cyber-threats and provide solutions to safeguard our global digital economy. Earn your MS in Cybersecurity. WGU’s MSCSIA degree program curriculum features two internationally recognized certifications from the EC-Council at no additional time or cost.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of the companies I’ve worked with have embraced cloud solutions due to their desire to “get out of the datacenter business.” The ability to achieve better security and availability, and the speed with which they are able to deploy, is far grea…
Considering cloud tradeoffs and determining the right mix for your organization.
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses

824 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question