Cisco ASA 5505 - Remote VPN connection problem getting to internal machine

I believe I am missing one line but cannot think of what it is.  Here is an excerpt of the setup:

interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.10.1 255.255.255.0

access-list 101 extended permit udp any any eq isakmp
access-list 101 extended permit udp any any eq 4500
access-list 101 extended permit esp any any
access-list 101 extended permit tcp any any eq ftp
access-list nonat_clientvpn extended permit ip 10.1.10.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list splittunnel standard permit 10.1.10.0 255.255.255.0
access-list nonat extended permit ip 10.1.10.0 255.255.255.0 192.168.20.0 255.255.255.0

nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0
access-group 101 in interface outside
(this may not be necessary)  route inside 10.1.10.0 255.255.255.0 192.168.10.1 1

Layout:

Modem -> Cisco ASA 5505 (Vlan1 192.168.10.1) -> (Wan 192.168.10.2) Netgear N600 router (Lan 10.1.10.0) -> workstations (server=10.1.10.34)

I can make a VPN connection with the Cisco ASA 5505.  I am unable to ping or use the built-in Microsoft remote control (terminal services) to get on any machine.  The "packet-tracer" indicates the traffic is being dropped due to the implicit deny.

What am I missing?  Thanks.
LVL 1
Adam DIT Solutions DeveloperAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

lruiz52Commented:
according to the rule below the 10.1.10.0 network has access to the 192.168.20.0 network.

access-list nonat extended permit ip 10.1.10.0 255.255.255.0 192.168.20.0 255.255.255.0

is it supporse to be 192.168.20.0 or 192.168.10.0 that you are trying to access??
0
Adam DIT Solutions DeveloperAuthor Commented:
Hello, thank you for your reply.

192.168.20.0 is the client (remote) vpn pool
192.168.10.0 is the local network (VLan1 inside interface is: 192.168.10.1)
10.1.10.0 is on the other side of the 3rd party router with its (Netgear) WAN interface having an IP address of 192.168.10.2

ASA
  WAN - outside (also the remote VPN clients are coming in through here with the IP address of 192.168.20.x)
  Lan - 192.168.10.1 (Vlan 1 inside)

Netgear
  Wan - 192.168.10.2  (directly connected to ASA on the ASA's inside interface)
  Lan - 10.1.10.0  (all workstations are on this side)

Does that help?

Thanks.
0
Adam DIT Solutions DeveloperAuthor Commented:
While I would still like an answer to this question, I decided to just use the wireless router (Netgear) as a wireless switch to solve this problem for now.  Thanks.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Adam DIT Solutions DeveloperAuthor Commented:
No answer provided, found work around.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
VPN

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.