The ranting of an IT Professional

May 27 2009   4:13PM GMT

Cisco ASA – Remote access VPN users can’t connect to internal resources on the same network



Posted by: Jason Tramer
Tags: 5510, ASA, can't connect to internal resources on the same network, Cisco, NAT, Remote Access, VPN

So I was working with a Cisco ASA 5510. The inside network was 10.0.0.0/24. I had created a remote access VPN policy for users and set them up to receive addresses on their inside network (10.0.0.0/24).

While the users were able to connect fine to the VPN, they were not able to ping or access any resources on the internal network. The reason I found for this is that even though they are receiving addresses on the same network as the internal LAN, the ASA still considers them part of a separate network and will try to NAT the traffic using your dynamic NAT rule.

The way to resolve this is to create a NAT exemption rule from your inside network to your inside network. Sounds funny, but it works.

Hope this helps

1  Comment on this Post

 
  • MervinHarrison
    Wow... what an unusual problem with a likewise unusual solution. I have been using PC remote access (http://www.proxynetworks.com) tools for years now and never had an issue like this. But, if I do, I know what to try first!