Tags: , , , ,

Forum Replies

  1. Hi

    I have ASA 5520 VPN Plus license with latest IOS disk0:/asa917-k8.bin

    Licensed features for this platform:
    Maximum Physical Interfaces       : Unlimited      perpetual
    Maximum VLANs                     : 150            perpetual
    Inside Hosts                      : Unlimited      perpetual
    Failover                          : Active/Active  perpetual
    Encryption-DES                    : Enabled        perpetual
    Encryption-3DES-AES               : Enabled        perpetual
    Security Contexts                 : 20             perpetual
    ... Continue reading in our forum

  2. Hi

    I tested today AnyConnect VPN Client Software-4.2.01035 with my ASA and glad it works perfectly with Rene article.

    Rene, your ASA articles are amazing which so far I am testing, just a quick note, if you can add NAT statements also related to the configuration that will be great or if you add a Note that particular configuration require NAT changes as well.
    e.g. to make the Split Tunnel work we need a deny statement in NAT so it will be helpful.

    Thanks and amazing work, everything work for me like a charm.

    Stay blessed

  3. Hi Richard,

    The VPN traffic does terminate on the outside interface. Usually we use the sysopt connection permit-vpn command to permit IPsec traffic to bypass any access-list. If you don’t use it, then you’ll need to explicitly permit your IPsec traffic to the inside.

    It could be an issue on your ASA but have you also checked your router has a route back to the ASA?


  4. Hi Rene,

    Congrats, very clear tutorial. What about the NAT rule to keep untranslated the traffic between internal subnets and remote VPN hosts ? Is not it needed ?

    Please advise.

    Thank you.

  5. Hi Alessandro,

    Glad to hear you like it! You will need a NAT rule to keep traffic between remote VPN users and inside hosts untranslated. You can find the config for it in this reply:

    Cisco ASA NAT untranslate


42 more replies! Ask a question or join the discussion by visiting our Community Forum