May 27 2009 4:13PM GMT
Posted by: Jason Tramer
ASA, Cisco, 5510, Remote Access, VPN, can't connect to internal resources on the same network, NAT
Cisco ASA - Remote access VPN users can’t connect to internal resources on the same network
So I was working with a Cisco ASA 5510. The inside network was 10.0.0.0/24. I had created a remote access VPN policy for users and set them up to receive addresses on their inside network (10.0.0.0/24).
While the users were able to connect fine to the VPN, they were not able to ping or access any resources on the internal network. The reason I found for this is that even though they are receiving addresses on the same network as the internal LAN, the ASA still considers them part of a separate network and will try to NAT the traffic using your dynamic NAT rule.
The way to resolve this is to create a NAT exemption rule from your inside network to your inside network. Sounds funny, but it works.
Hope this helps
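As an added example (not part of the original post), the exemption described above could look like this in pre-8.3 ASA syntax. The software version is an assumption, since the post does not state it, and the ACL name `inside_nat0_outbound`, the dynamic NAT lines and the test addresses are constructed for illustration.

```cisco
! Constructed sample configuration; names and host addresses are hypothetical.
! Assumes pre-8.3 ASA software (nat/global syntax).
!
! Typical dynamic NAT (PAT) rule for the inside network. Replies from
! inside hosts to VPN clients match this rule unless they are exempted.
nat (inside) 1 10.0.0.0 255.255.255.0
global (outside) 1 interface
!
! NAT exemption from the inside network to the inside network, because
! the VPN clients receive addresses from 10.0.0.0/24 as well.
access-list inside_nat0_outbound extended permit ip 10.0.0.0 255.255.255.0 10.0.0.0 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
!
! Check the result: list the NAT rules, then trace a ping from an inside
! host (10.0.0.10) to a VPN client address (10.0.0.200). The NAT phases of
! the trace should match the exemption rather than the dynamic rule.
show running-config nat
packet-tracer input inside icmp 10.0.0.10 8 0 10.0.0.200 detailed
```

The exemption only controls address translation; what VPN users can reach on the inside network is still governed by whatever VPN filter or access lists are configured.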


