The ranting of an IT Professional

May 27 2009   4:13PM GMT

Cisco ASA – Remote access VPN users can’t connect to internal resources on the same network

Jason Tramer

So I was working with a Cisco ASA 5510. The inside network was 10.0.0.0/24. I had created a remote access VPN policy for users and set them up to receive addresses on their inside network (10.0.0.0/24).

While the users were able to connect fine to the VPN, they were not able to ping or access any resources on the internal network. The reason I found for this is that even though they are receiving addresses on the same network as the internal LAN, the ASA still considers them part of a separate network and will try to NAT the traffic using your dynamic NAT rule.

The way to resolve this is to create a NAT exemption rule from your inside network to your inside network. Sounds funny, but it works.

Hope this helps
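The NAT exemption described above, as an added example rather than configuration from the original post. It uses pre-8.3 ASA syntax; the ACL name INSIDE_NAT0, NAT ID 1, the PAT rule shown and the test host addresses are assumptions.

```cisco
! Constructed example, ASA pre-8.3 syntax. INSIDE_NAT0, NAT ID 1 and the
! host addresses used below are assumptions, not values from the post.
!
! Assumed existing dynamic NAT (PAT) rule for inside hosts. Without an
! exemption, replies from inside hosts to VPN clients match this rule.
nat (inside) 1 10.0.0.0 255.255.255.0
global (outside) 1 interface
!
! NAT exemption: inside network to inside network. VPN clients receive
! addresses from 10.0.0.0/24, so source and destination are the same subnet.
access-list INSIDE_NAT0 extended permit ip 10.0.0.0 255.255.255.0 10.0.0.0 255.255.255.0
!
! NAT ID 0 with an ACL means "do not translate traffic matching the ACL".
nat (inside) 0 access-list INSIDE_NAT0
!
! Checks after applying the change:
! 1. Confirm both NAT statements are present.
show running-config nat
! 2. Trace a packet from an inside host (10.0.0.10, constructed) to a
!    VPN client address (10.0.0.200, constructed); the NAT phase should
!    report the exemption rather than the dynamic rule.
packet-tracer input inside icmp 10.0.0.10 8 0 10.0.0.200
! 3. Watch the exemption ACL hit count rise while a VPN client pings
!    an internal host.
show access-list INSIDE_NAT0
```

The exemption only removes address translation for this traffic; what VPN clients may reach on the inside network is still governed by the group policy and any VPN filter ACL applied to them.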

1  Comment on this Post

 
  • MervinHarrison
    Wow... what an unusual problem with a likewise unusual solution. I have been using PC remote access (http://www.proxynetworks.com) tools for years now and never had an issue like this. But, if I do, I know what to try first!
