Same-security-traffic permit intra-interfaceĪccess-list VPN-TO-OFFICE-NET standard permit 10.0.0.0 255.255.255.0 Same-security-traffic permit inter-interface # Issue 2, vpn user cannot access anything on internetĪsa# packet-tracer input outside tcp 172.16.32.1 12345 1.2.3.4 443ĭrop-reason: (acl-drop) Flow is denied by configured rule Translate_hits = 37, untranslate_hits = 6ġ (something_free) to (something_outside) source dynamic any interfaceĢ (something_something) to (something_outside) source dynamic any interfaceģ (inside) to (outside) source dynamic any interface Translate_hits = 22, untranslate_hits = 23 When trying to reach a local resource (10.0.0.0/24), the translate hits below are changed:ĥ (inside) to (outside) source static any any destination static NETWORK_OBJ_172.16.32.0_24 NETWORK_OBJ_172.16.32.0_24
Translate_hits = 37, untranslate_hits = 11 When trying to access an external resource, the "translate_hits" below are changed:ġ (outside) to (outside) source dynamic vpn_nat interface All interfaces are pretty much allow any any, I suspect it has to do with NAT. IPSEC VPN client cannot reach any local (inside) resources. The problem is both VPN users can reach internal resources, and vpn users cant reach external resources. Im pretty sure it's not ACL's, although I might be wrong. At the moment running ASA 8.3, with fairly much experience of ASA 8.0-8.2, I can't get the NAT right for the VPN clients.
0 kommentar(er)
