Posted by: Jason Tramer
5510, ASA, can't connect to internal resources on the same network, Cisco, NAT, Remote Access, VPN
So I was working with a Cisco ASA 5510. The inside network was 10.0.0.0/24. I had created a remote access VPN policy for users and set them up to receive addresses on their inside network (10.0.0.0/24).
While the users were able to connect fine to the VPN, they were not able to ping or access any resources on the internal network. The reason I found for this is that even though they are receiving addresses on the same network as the internal LAN, the ASA still considers them part of a separate network and will try to NAT the traffic using your dynamic NAT rule.
The way to resolve this is to create a NAT exemption rule from your inside network to your inside network. Sounds funny, but it works.
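The rule described above, written out as ASA CLI. This is an added example, not configuration from the original post. The interface names `inside` and `outside`, the ACL name `INSIDE_NAT0`, the object name `INSIDE-NET`, the dynamic NAT lines, and the host addresses in the test command are assumptions made for illustration.

```cisco
! --- ASA software before 8.3 ---
! Assumed existing dynamic NAT (PAT) rule that was catching the VPN return traffic
nat (inside) 1 10.0.0.0 255.255.255.0
global (outside) 1 interface

! NAT exemption: traffic from the inside network to the inside network
! (which includes the VPN clients' addresses) is not translated
access-list INSIDE_NAT0 extended permit ip 10.0.0.0 255.255.255.0 10.0.0.0 255.255.255.0
nat (inside) 0 access-list INSIDE_NAT0

! --- ASA software 8.3 and later (equivalent identity "twice NAT" rule) ---
object network INSIDE-NET
 subnet 10.0.0.0 255.255.255.0
nat (inside,outside) source static INSIDE-NET INSIDE-NET destination static INSIDE-NET INSIDE-NET no-proxy-arp route-lookup

! --- Check the result ---
! Simulate a LAN host (constructed address 10.0.0.10) replying to a VPN client
! (constructed address 10.0.0.200) and read the NAT phase of the output:
! it should match the exemption rule, not the dynamic rule
packet-tracer input inside icmp 10.0.0.10 0 0 10.0.0.200 detailed
```

The exemption only stops translation; which internal hosts VPN users can reach is still governed by the VPN filter and interface access lists, so keep those as tight as the users' needs allow.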
Hope this helps