  • Content created by Rene Molenaar (CCIE #41726)

 


Notable Replies

  1. Hi Rene,

    For this part here -

    The DNS server 8.8.8.8 will be assigned to remote VPN users.

    When connected to the VPN, if the users are trying to access Internal Corporate machines via DNS name, should we provide an Internal DNS server address rather than 8.8.8.8?

    Thanks
    Rob

  2. I want to use two ASA 5525-X firewalls in an Active/Active design in the main office. The branch office wants to use the AnyConnect VPN client. Is it possible or not?

  3. Hi Alessandro,

    Glad to hear you like it! You will need a NAT rule to keep traffic between remote VPN users and inside hosts untranslated. You can find the config for it in this reply:

    Cisco ASA NAT untranslate

    Rene

  4. Hi Rene

    Been trying to get a 9.1x VPN working for a while now, and wiped the config and started new and followed 99% of your config - internal network is 192.168.2.0/24, running 9.1(6) and AnyConnect 4.2.x.

    Everything checked out but unable to talk to internal network once connected. On the ASA log I see the following:-
    5 Jul 26 2016 10:25:05 192.168.10.100 38593 192.168.2.100 53 Asymmetric NAT rules matched for forward and reverse flows; Connection for udp src outside:192.168.10.100/38593(LOCAL\user) dst inside:192.168.2.100/53 denied due to NAT reverse path failure

    Tried adding the nat:-

    ciscoasa(config)# object network Inside
    ciscoasa(config-network-object)# subnet 192.168.2.0 255.255.255.0
    ciscoasa(config-network-object)# object network VPN
    ciscoasa(config-network-object)# subnet 192.168.10.0 255.255.255.0
    ciscoasa(config)#nat(inside,outside) source static Inside,Inside destination static VPN VPN

    and get the error

    nat (inside,outside) source static Inside,Inside destination static VPN VPN
                                                                  ^
    ERROR: % Invalid input detected at '^' marker.

    This is driving me nuts, please advise

    Thanks

    Neil.
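
A triage sketch for the log message quoted in the last reply, added here as an example and not part of the thread or the lesson: it pulls out the flows the ASA dropped with "NAT reverse path failure" and keeps only those running between the AnyConnect pool and the inside LAN, the pair the earlier reply says must stay untranslated. The two subnets and the first log line come from the post; the remaining log lines and all function names are constructed for illustration.

```python
import ipaddress
import re

# Subnets from the post: inside LAN and AnyConnect address pool.
INSIDE_NET = ipaddress.ip_network("192.168.2.0/24")
VPN_POOL = ipaddress.ip_network("192.168.10.0/24")

# TCP/UDP form of the message; the optional "(...)" is the VPN username.
RPF_RE = re.compile(
    r"Connection for (?P<proto>\w+) "
    r"src (?P<src_if>[\w-]+):(?P<src>[\d.]+)/(?P<sport>\d+)(?:\([^)]*\))? "
    r"dst (?P<dst_if>[\w-]+):(?P<dst>[\d.]+)/(?P<dport>\d+)(?:\([^)]*\))? "
    r"denied due to NAT reverse path failure")

PREFIX = "Asymmetric NAT rules matched for forward and reverse flows; "
SAMPLE_LOG = [
    # First line is the one quoted in the post; the rest are constructed.
    r"5 Jul 26 2016 10:25:05 192.168.10.100 38593 192.168.2.100 53 " + PREFIX +
    r"Connection for udp src outside:192.168.10.100/38593(LOCAL\user) "
    r"dst inside:192.168.2.100/53 denied due to NAT reverse path failure",
    PREFIX + r"Connection for udp src outside:192.168.10.100/38594(LOCAL\user) "
    r"dst inside:192.168.2.100/53 denied due to NAT reverse path failure",
    PREFIX + r"Connection for tcp src outside:192.168.10.100/50112(LOCAL\user) "
    r"dst inside:192.168.2.20/443 denied due to NAT reverse path failure",
    # Not from the VPN pool, so a different NAT problem: must be ignored.
    PREFIX + "Connection for tcp src outside:203.0.113.9/40000 "
    "dst inside:192.168.2.20/80 denied due to NAT reverse path failure",
    "Built inbound TCP connection 1 for outside:192.168.10.100/50200",
]

def parse_rpf_failures(lines):
    """Return one dict per 'NAT reverse path failure' drop in the log lines."""
    return [m.groupdict() for m in map(RPF_RE.search, lines) if m]

def needs_nat_exemption(event, inside=INSIDE_NET, vpn=VPN_POOL):
    """True when the dropped flow runs between the VPN pool and the inside LAN."""
    src = ipaddress.ip_address(event["src"])
    dst = ipaddress.ip_address(event["dst"])
    return (src in vpn and dst in inside) or (src in inside and dst in vpn)

def summarize(lines):
    """Count VPN<->inside drops per (src_if, dst_if, proto, dst port)."""
    counts = {}
    for ev in parse_rpf_failures(lines):
        if needs_nat_exemption(ev):
            key = (ev["src_if"], ev["dst_if"], ev["proto"], int(ev["dport"]))
            counts[key] = counts.get(key, 0) + 1
    return counts

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE_LOG).items()):
        print(n, "drop(s):", key)
```

Any entry in the summary means the interface pair it names still lacks a working untranslated rule for the VPN pool; an empty result after a config change, with users connected and generating traffic, indicates the rule is matching.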
