Tuesday, May 12, 2020

AnyConnect VPN: route a specific public IP via the tunnel

I have a fully functional Cisco AnyConnect VPN running on a Cisco ASA 5585-X, and today I got a requirement: there are some remote public sites where we need to whitelist our VPN public IP to access them, so that anyone connected over Cisco AnyConnect can reach those remote sites through the VPN.

My remote site's address is 222.222.222.222, and they have whitelisted my VPN outside interface IP 111.111.111.111 (which I am trying to access using the AnyConnect client from my home).

Cisco ASA version is 9.6(4) (image asa964).

same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
!
ip local pool ANYCONNECT-VPN-POOL 10.5.250.10-10.5.250.254 mask 255.255.255.0
!
object-group network obj-NET-PRIVATE
 network-object 10.0.0.0 255.0.0.0
!
object network obj-ANYCONNECT-VPN-SUBNET
 subnet 10.5.250.0 255.255.255.0
!
group-policy GroupPolicy_ANYCONNECT-FOO internal
group-policy GroupPolicy_ANYCONNECT-FOO attributes
 dns-server value 10.10.0.10 10.10.0.11
 vpn-tunnel-protocol ssl-client
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value ANYCONNECT-ROUTES-FOO
 default-domain value foo.com
!
access-list ANYCONNECT-ROUTES-FOO standard permit 10.0.0.0 255.0.0.0
access-list ANYCONNECT-ROUTES-FOO standard permit host 222.222.222.222
!
nat (any,outside) source static any any destination static obj-ANYCONNECT-VPN-SUBNET obj-ANYCONNECT-VPN-SUBNET no-proxy-arp route-lookup
!
nat (any,outside) after-auto source dynamic obj-NET-PRIVATE interface

What am I missing here? I can see the 222.222.222.222 route getting injected into the VPN client, but I can't ping or access that IP.
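As an added example (not the post's own configuration, and not a fix confirmed by its author): the usual reason this symptom appears with the NAT rules shown above. The identity rule "nat (any,outside) source static any any destination static obj-ANYCONNECT-VPN-SUBNET obj-ANYCONNECT-VPN-SUBNET ..." lives in manual NAT section 1, and manual NAT rules are bidirectional, so it also matches packets that arrive on outside from 10.5.250.0/24 and leave again via outside toward 222.222.222.222 (a hairpin, allowed by "same-security-traffic permit intra-interface"). Because that rule matches first, the section 3 "after-auto" PAT rule is never reached, and the packets leave the ASA with a 10.5.250.x source address that the remote site has neither whitelisted nor any route back to. The fix is a PAT rule for hairpinned VPN-client traffic placed ahead of the identity rule in section 1. The manual NAT line number, the TCP ports and the "detailed" verification flow below are assumptions; 111.111.111.111 and 222.222.222.222 are the post's own placeholder addresses.

```cisco
! Added example: PAT AnyConnect clients that hairpin out the outside interface
! to the outside interface IP (111.111.111.111), which 222.222.222.222 whitelists.
!
! Insert at section-1 line 1 so it is evaluated BEFORE the broad (any,outside)
! identity rule. Real and mapped interface are both "outside": the packet enters
! and leaves on the same interface, which "same-security-traffic permit
! intra-interface" (already in the post's config) allows.
nat (outside,outside) 1 source dynamic obj-ANYCONNECT-VPN-SUBNET interface
!
! Verify the order: the new rule must be listed above the identity rule.
show nat detail
!
! Simulate a client (10.5.250.10, assumed pool address) reaching the remote site
! on TCP/443 (assumed port). The NAT phase should show the source translated to
! 111.111.111.111 and the trace should end with "Action: allow".
packet-tracer input outside tcp 10.5.250.10 40000 222.222.222.222 443 detailed
```

If packet-tracer still shows the identity rule being hit for this flow, the remaining option is to narrow that rule from (any,outside) to the interface pair that actually carries internal traffic, for example (inside,outside), so it can no longer match outside-to-outside packets; "inside" is assumed here, since the post does not name its internal interface.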
