
    Cisco ASA 5505 VPN – can not see inside LAN when VPN’d in


    by eickholdt ·

    Hi folks, I can connect to the VPN appliance, and I can…
    – Ping the Cisco ASA WAN Interface
    – Ping external addresses (DNS etc.)

    What I cannot do is connect to any IP address inside the network (192.168.1.x).

    Here is my config – thanks in advance…

    Result of the command: “show run”

    : Saved
    :
    ! Header, device identity and interface/VLAN layout of the ASA 5505.
    ! NOTE(review): 7.2(4) is a very old ASA software release; check whether it
    ! still receives security fixes before terminating Internet-facing VPN on it.
    ASA Version 7.2(4)
    !
    hostname ciscoasa
    domain-name taxgroup.local
    ! Password hashes were masked by the poster ("*") before publishing.
    enable password * encrypted
    passwd * encrypted
    names
    !
    ! Vlan1 = trusted LAN (security-level 100), 192.168.1.0/24, gateway .1.
    interface Vlan1
    nameif inside
    security-level 100
    ip address 192.168.1.1 255.255.255.0
    !
    ! Vlan2 = untrusted Internet side (security-level 0); address partly masked.
    interface Vlan2
    nameif outside
    security-level 0
    ip address x.x.42.155 255.255.255.248
    !
    ! Vlan3 = dmz (security-level 50) with no IP address, so it carries no
    ! routed traffic as configured. "no forward interface Vlan1" stops this
    ! VLAN from initiating connections towards Vlan1.
    interface Vlan3
    no forward interface Vlan1
    nameif dmz
    security-level 50
    no ip address
    !
    ! Only Ethernet0/0 is explicitly placed in VLAN 2 (outside).
    interface Ethernet0/0
    switchport access vlan 2
    !
    ! Ethernet0/1-0/7 have no "switchport access vlan" line; presumably they
    ! sit in the default VLAN 1 (inside) - confirm with "show switch vlan".
    interface Ethernet0/1
    !
    interface Ethernet0/2
    !
    interface Ethernet0/3
    !
    interface Ethernet0/4
    !
    interface Ethernet0/5
    !
    interface Ethernet0/6
    !
    interface Ethernet0/7
    !
    ! ACLs, address pool, NAT, routing, timeouts and management access.
    ftp mode passive
    dns server-group DefaultDNS
    domain-name name.local
    ! Allows traffic between interfaces that share a security level. The three
    ! named interfaces use 100/0/50, so this looks like it has no effect here.
    same-security-traffic permit inter-interface
    ! Split-tunnel list: only 192.168.1.0/24 is sent through the VPN
    ! (referenced by group-policy TCLapeer).
    access-list TCLapeer_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0
    ! NAT exemption for inside LAN -> VPN clients. 192.168.27.0/28 covers
    ! .0-.15, which contains the whole client pool (.1-.12) defined below.
    access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.27.0 255.255.255.240
    ! NOTE(review): not referenced anywhere in the visible config. As a
    ! split-tunnel list "permit any" would tunnel all client traffic; delete
    ! it if it is a leftover so it cannot be attached by mistake.
    access-list TCLapeer_splitTunnelAcl_2 standard permit any
    pager lines 24
    logging asdm informational
    mtu outside 1500
    mtu inside 1500
    mtu dmz 1500
    ! VPN client address pool: 12 addresses. The /24 mask here is wider than
    ! the /28 used in inside_nat0_outbound; the range itself is still covered.
    ip local pool TCLapeer 192.168.27.1-192.168.27.12 mask 255.255.255.0
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-524.bin
    no asdm history enable
    arp timeout 14400
    ! PAT: all inside traffic (nat id 1) is translated to the outside
    ! interface address, except flows matched by the nat 0 exemption ACL.
    global (outside) 1 interface
    nat (inside) 0 access-list inside_nat0_outbound
    nat (inside) 1 0.0.0.0 0.0.0.0
    ! NOTE(review): the next hop is shown in full although the outside
    ! interface address was masked; mask both when sharing a config.
    route outside 0.0.0.0 0.0.0.0 66.188.42.153 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    ! ASDM/HTTPS management is enabled but limited to the inside /24.
    ! No "management-access inside" line is visible, so VPN clients probably
    ! cannot manage or ping the inside interface through the tunnel - confirm.
    http server enable
    http 192.168.1.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    ! Traps are enabled, but no "snmp-server host" receiver is visible.
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    ! IPsec / IKEv1 remote-access settings and session timeouts.
    ! NOTE(review): 3DES with SHA-1 is a legacy suite; prefer an AES
    ! transform-set if the image and licence allow it.
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    ! Four identical dynamic-map entries (20/40/60/80), each with the same
    ! transform-set and PFS group; one entry would behave the same.
    ! NOTE(review): "pfs group1" is 768-bit Diffie-Hellman, which is weak;
    ! raise it to the strongest group the clients support.
    crypto dynamic-map outside_dyn_map 20 set pfs group1
    crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
    crypto dynamic-map outside_dyn_map 40 set pfs group1
    crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-SHA
    crypto dynamic-map outside_dyn_map 60 set pfs group1
    crypto dynamic-map outside_dyn_map 60 set transform-set ESP-3DES-SHA
    crypto dynamic-map outside_dyn_map 80 set pfs group1
    crypto dynamic-map outside_dyn_map 80 set transform-set ESP-3DES-SHA
    ! The dynamic map is bound to the outside interface for remote clients.
    crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
    crypto map outside_map interface outside
    ! NOTE(review): no "crypto isakmp nat-traversal" line is visible. On this
    ! release NAT-T is, to my knowledge, off by default; a client behind a NAT
    ! device can then bring the tunnel up yet pass no traffic to the inside
    ! network - worth confirming against the reported symptom.
    crypto isakmp enable outside
    ! IKE phase 1: pre-shared key, 3DES, SHA-1, DH group 2 (1024-bit),
    ! 24-hour lifetime. The group key is shared by every client; the cipher
    ! and group are legacy and should be raised where clients permit.
    crypto isakmp policy 10
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    ! Only timeouts are set; no "telnet <net>" or "ssh <net>" permit lines are
    ! visible, so neither service appears to accept connections.
    telnet timeout 5
    ssh timeout 5
    ! NOTE(review): 0 disables the console idle timeout, so a serial session
    ! left logged in stays open; set a finite value.
    console timeout 0
    dhcpd auto_config outside
    !

    ! Remote-access group policy, local user and tunnel group.
    ! NOTE(review): names do not line up. The policy and pool defined in this
    ! config are "TCLapeer", but the user points at "TunnelGroupPolicy" and
    ! the tunnel group at pool/policy "TunnelGroupName". Presumably the poster
    ! substituted names when sanitising; if these are literal, the tunnel
    ! group references objects that do not exist - verify on the device.
    group-policy TCLapeer internal
    group-policy TCLapeer attributes
    ! Clients are handed non-RFC1918 resolvers; internal names such as
    ! *.local will presumably not resolve through them.
    dns-server value 24.247.24.53 24.247.15.53
    vpn-tunnel-protocol IPSec
    ! Split tunnelling: only networks in TCLapeer_splitTunnelAcl go via VPN.
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value TCLapeer_splitTunnelAcl
    ! Local VPN user at privilege 0; password hash masked by the poster.
    username me password * encrypted privilege 0
    username me attributes
    vpn-group-policy TunnelGroupPolicy
    ! IPsec remote-access tunnel group with its pool and default policy.
    tunnel-group TunnelGroupName type ipsec-ra
    tunnel-group TunnelGroupName general-attributes
    address-pool TunnelGroupName
    default-group-policy TunnelGroupName
    tunnel-group TunnelGroupName ipsec-attributes
    ! Group pre-shared key, masked in the output.
    pre-shared-key *
    !
    ! Application inspection policy, applied globally to all interfaces.
    class-map inspection_default
    match default-inspection-traffic
    !
    !
    ! DNS inspection map: messages longer than 512 bytes are not accepted.
    policy-map type inspect dns preset_dns_map
    parameters
    message-length maximum 512
    ! NOTE(review): every engine below parses untrusted traffic. Consider
    ! removing inspections for protocols this site does not use (for example
    ! rsh, sunrpc, xdmcp, sqlnet) to reduce exposed parsing code.
    policy-map global_policy
    class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect esmtp
    inspect sqlnet
    inspect skinny
    inspect sunrpc
    inspect xdmcp
    inspect sip
    inspect netbios
    inspect tftp
    !
    service-policy global_policy global
    prompt hostname context
    ! Configuration checksum, masked by the poster.
    Cryptochecksum:*
    : end
