Leo Alexander
asked on
Issue accessing LAN when connected via VPN
Hello! I’m having trouble routing when connected via VPN to a Cisco ASA 5540 device.
I am unable to ping/connect to any LAN node.
My ASA is using a 192.50.x.x that gets NAT’d by a 2951 series router to 192.168.x.x.
The VPN addresses are assigned 10.x.x.x.
There is an ACL to route the 10.x.x packets on the 2951 router. I believe the issue is on the ASA. I did use the VPN wizard for Cisco AnyConnect. I’m thinking it could be something to do with tunneling? I’m unable to post a config at the moment. Any things to check on without having the config posted?
Thanks in advance!
Post a cleaned up version of your router config?
ASKER
Router#sh run
Building configuration...
Current configuration : 1952 bytes
!
! Last configuration change at 06:25:53 UTC Thu Jul 19 2018
! NVRAM config last updated at 06:21:01 UTC Thu Jul 19 2018
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
! card type command needed for slot/vwic-slot 0/0
!
no aaa new-model
!
no ipv6 cef
ip source-route
ip cef
!
!
!
!
!
ip domain name mydomain.local
ip name-server 192.168.0.250
ip name-server 192.168.0.249
ip name-server 8.8.8.8
multilink bundle-name authenticated
!
!
!
!
!
crypto pki token default removal timeout 0
!
!
voice-card 0
!
!
!
!
!
!
!
hw-module pvdm 0/0
!
!
!
!
redundancy
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address 192.50.50.1 255.255.255.0
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 192.50.50.2
!
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 1 permit 192.50.50.0 0.0.0.255
access-list 1 permit 10.3.5.0 0.0.0.255
!
nls resp-timeout 1
cpd cr-id 1
!
!
control-plane
!
!
voice-port 0/1/0
!
voice-port 0/1/1
!
voice-port 0/1/2
!
voice-port 0/1/3
!
!
!
mgcp profile default
!
!
!
!
!
gatekeeper
shutdown
!
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login
transport input all
!
scheduler allocate 20000 1000
end
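Added example, not part of the thread: a small Python check of which packets the posted `ip nat inside source list 1 ... overload` rule can translate, using only the NAT and ACL lines from the config above. The function names are hypothetical, the sample addresses are constructed, and treating 10.3.5.0/24 as the VPN pool reached through GigabitEthernet0/0 is an assumption the posts do not confirm.

```python
import ipaddress
import re

# NAT-relevant lines copied from the router config posted above.
CONFIG = """\
interface GigabitEthernet0/0
ip address 192.50.50.1 255.255.255.0
ip nat outside
interface GigabitEthernet0/1
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip nat inside source list 1 interface GigabitEthernet0/0 overload
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 1 permit 192.50.50.0 0.0.0.255
access-list 1 permit 10.3.5.0 0.0.0.255
"""

def parse_standard_acl(config, number):
    """Return [(action, base_int, wildcard_int)] for a numbered standard ACL."""
    pat = re.compile(rf"^access-list {number} (permit|deny) (\S+) (\S+)$", re.M)
    return [(a, int(ipaddress.IPv4Address(b)), int(ipaddress.IPv4Address(w)))
            for a, b, w in pat.findall(config)]

def acl_permits(acl, src):
    """First match wins; wildcard bits set to 1 are ignored; implicit deny at end."""
    s = int(ipaddress.IPv4Address(src))
    for action, base, wild in acl:
        if (s | wild) == (base | wild):
            return action == "permit"
    return False

def nat_inside_interfaces(config):
    """Names of the interfaces that carry 'ip nat inside'."""
    found, current = [], None
    for line in config.splitlines():
        line = line.strip()
        if line.startswith("interface "):
            current = line.split()[1]
        elif line == "ip nat inside" and current:
            found.append(current)
    return found

def pat_candidate(config, in_iface, src, acl_number=1):
    """True if a packet entering in_iface from src is eligible for the overload rule.
    The destination is not an input: a standard ACL can only test the source."""
    return (in_iface in nat_inside_interfaces(config)
            and acl_permits(parse_standard_acl(config, acl_number), src))
```

With these lines, a LAN host on GigabitEthernet0/1 is eligible for translation whatever its destination, while a 10.3.5.x source arriving on GigabitEthernet0/0 is never evaluated by the rule, so the `10.3.5.0` entry in list 1 only matters for traffic entering an inside interface.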