| Home | Forums | Reviews | Guides | Newsgroups | Register | Search |
 |
| Thread Tools |
|
Junior Member
Join Date: Oct 2008
Posts: 8
|
Hello,
I'm trying to get a remote access VPN working using an ASA and Cisco VPN client with no split tunneling. The VPN works kinda, I can access devices on the inside when I connect, but I cannot access the Internet. I don't see any errors in the ASA logfile except these: Jul 1 04:59:15 gatekeeper %ASA-3-305006: portmap translation creation failed for udp src outside:192.168.47.200/137 dst outside:192.168.47.255/137 Jul 1 04:59:15 gatekeeper %ASA-3-305006: portmap translation creation failed for udp src outside:192.168.47.200/54918 dst outside  xx.xxx.xxx.xxx/53There's only one public IP address which is DHCP assigned to the outside interface. The inside network is 192.168.1.0/24 which is PAT'ed to the outside interface and the VPN network is 192.168.47.X. I think my problem is that the .47 net is not being NAT'ed to the outside properly and I'm not sure how to set it up exactly. I can't fathom how this is supposed to work since the the VPN net technically originates from the outside already. Here's all the relevant config: access-list vpn extended permit ip any 192.168.47.0 255.255.255.0 mtu inside 1500 mtu outside 1500 ip local pool vpnpool 192.168.47.200-192.168.47.220 mask 255.255.255.0 ip verify reverse-path interface outside ip audit info action alarm drop ip audit attack action alarm drop icmp unreachable rate-limit 1 burst-size 1 icmp permit any outside global (inside) 2 interface global (outside) 1 interface nat (inside) 0 access-list vpn nat (inside) 1 0.0.0.0 0.0.0.0 nat (outside) 2 192.168.47.0 255.255.255.0 outside static (inside,outside) tcp interface 3074 XBOX360 3074 netmask 255.255.255.255 static (inside,outside) udp interface 3074 XBOX360 3074 netmask 255.255.255.255 static (inside,outside) udp interface 88 XBOX360 88 netmask 255.255.255.255 static (inside,outside) tcp interface https someids https netmask 255.255.255.255 I can post more of the config if needed. Changing 'nat (outside) 2 192.168.47.0 255.255.255.0 outside' to 'nat (outside) 2 access-list vpn outside' yields these: Jul 1 06:18:35 gatekeeper %ASA-3-305005: No translation group found for udp src outside:192.168.47.200/56003 dst outside:66.174.95.44/53 So how do I properly NAT VPN traffic so it can reach the Internet? TIA |
|
|
|
|||
|
|
| |
|
Junior Member
Join Date: Oct 2008
Posts: 8
|
|
|
|
|
||
|
|
| |
|
Junior Member
Join Date: Mar 2012
Posts: 1
|
Quote:
|
|
||
|
|
||||
|
|
| |
|
| Thread Tools | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| asa 5510 remote access + nat | ted | Cisco | 0 | 11-20-2008 02:06 PM |
| VPN site to site & Remote access VPN ( vpn client) over the same interface | pasatealinux | Cisco | 1 | 12-17-2007 07:41 PM |
| Newbie Question regarding VPN, NAT, remote VPN setup | brad | Cisco | 2 | 06-15-2007 08:35 PM |
| Remote access VPNs from remote location to ASA | ikkemij@xs4all.nl | Cisco | 2 | 07-01-2006 07:18 AM |
| VPN, from nat without VPN to nat with it | Allan Wilson | Cisco | 1 | 07-05-2004 10:51 PM |
