local access over ssl vpn

Hello

Here is the configuration:

(Location A) - Internet users - ASA (ssl vpn) - location

situation users use ssl vpn over the Internet to connect to resources in the location b. is successful.

However, A users location need access to their own network resources internal to A while they are still connected to the SSL VPN.

So if a user of location is connected to the ssl vpn, they can ping to ip addresses in the location B, but their own network internal ip is second to pings.

ASA worm is 8.0 (4)

Please help, how it can be done, and if there is a different Setup for this. Do we need to use the tunnel.

Thanks in advance.

Correct, so instead of tunneling ALL traffic, you only tunnel 154.65.0.0/22

sslvpnsplittunnel standard access list ip 154.65.0.0 allow 255.255.252.0

Apply the ACL to the SSL VPN group policy

Tags: Cisco Security

Similar Questions

  • Control the access of the user for the SSL VPN profile.

    I have two ssl vpn profile, can I restricted the user to access only ssl vpn profile, when they get to the page of the ssl vpn service. Each profile to create different types of access, and they will have different client IP address.

    Hello

    Yes, using different ways; one of them is using group-lock, which is a simple check to validate if the Tunnel group or the connection profile as you called it with that sign corresponds to what you have defined under group policy. If the value of Tunnel-Group-Lock (condition true), the VPN remote access session is allowed to install;  otherwise the session is not allowed to be implemented.

    The tunnel-group-lock featurecan be defined as follows:

    • via the group-policy setting locally on ASA
    • via the LDAP attribute
    • via the Radius attribute

    http://www.Cisco.com/en/us/partner/docs/security/ASA/asa82/configuration/guide/vpngrp.html#wp1134870

    Step 4

    Kind regards

  • SSL VPN from Cisco ASA and ACS 5.1 change password

    Dear Sir.

    I am tring configure ASA to change the local password on ACS 5.1. When the user access with ssl vpn if the ACS 5.1 password expiration date. ASA will display the dialog box or window popup to change the password. But it does not work. I'm tring to Setup with the functionality of password management on the SAA. When I enable password management it will not work and is unable to change the password. Could you tell me about this problem?

    Thank you

    Aphichat

    

    Dear Sir,
    

    I'm tring to setup ASA to change local password on ACS 5.1. When user access with ssl vpn if password on ACS 5.1 expire. ASA will show dialog box or pop-up to change password. But It don't work. I'm tring to setup with password management feature on ASA . When I enable password management it don't work and can't to change password. Could you advise me about this problem?
    

    Thank you
    

    Aphichat

    Hi Aphichat,

    Go to the password link below change promt via AEC in ASA: -.

    https://supportforums.Cisco.com/docs/doc-1328;JSESSIONID=A51E68318579261787BD60DDA0707819. Node0

    Hope to help!

    Ganesh.H

    Don't forget to note the useful message

  • Profile SSL VPN question

    I did some research and have not been able to find an answer to this. Is it possible to direct a user to a specific SSL VPN profile based on the URL they enter to access the SSL VPN page?

    For SAA, take a look at the following:

    If you want users to see a drop down menu to choose from:

    http://www.Cisco.com/en/us/products/ps6120/products_configuration_example09186a00808bd83d.shtml

    Otherwise, take a look at the Group-url command:

    http://Cisco.com/en/us/docs/security/ASA/asa80/command/reference/GH.html#wp1731227

    But it might not support/sales/marketing feature, you must have different URLS, I think

    WebVPN - ventes.com

    WebVPN - marketing.com

    Concerning

    Farrukh

  • SSL VPN client anyconnect - login page does not appear

    I have an ASA5510 I am setting up for remote access using SSL VPN with the anyconnect client. I followed the guides of configuration on the Cisco's Web site and elsewhere on the internet without success configuration guides.

    When you go to https://(outsdie interface ip address), I get nothing, the browser never loads a page. Here are the commands I entered:

    WebVPN

    allow outside

    SVC disk0:/anyconnect-win-2.5.3046-k9.pkg 1 image

    SVC disk0:/anyconnect-macosx-powerpc-2.5.3046-k9.pkg 2 image

    Picture disk0:/anyconnect-macosx-i386-2.5.3046-k9.pkg 3 SVC

    enable SVC

    tunnel-group-list activate

    in-house VRx-WebVPN group policy

    Group Policy attributes VRx-WebVPN

    Server DNS 192.168.100.11 value

    VPN-tunnel-Protocol svc

    Split-tunnel-policy tunnelspecified

    Split-tunnel-network-list value split

    VRX.NET value by default-field

    WebVPN

    SVC Dungeon-Installer installed

    time to generate a new key of SVC 30

    SVC generate a new method ssl key

    SVC request no svc default

    remote type tunnel-group VRx-WebVPN access

    attributes global-tunnel-group VRx-WebVPN

    address value vpn_pool pool

    authentication-server-group VRxAD

    Group Policy - by default-VRx-WebVPN

    tunnel-group VRx-WebVPN webvpn-attributes

    enable VRx-WebVPN group-alias

    We never seen this before - any ideas or what would be useful in troubleshooting this?

    Thank you in advance!

    Dave

    Hello David,.

    Hmm... I'll do a quick true lab setup for this.

    Edit: My own work without problem, it be something else on the configuration that is not allowing you to get the anyconnect portal.

    I used the same image anyconnect and the same ASA image.

    Julio

  • Cisco ASA to make use of several CAs SSL VPN

    Hello

    I was wondering if it would be possible to set up authentication for different users who connect over ssl vpn based on the SAA for different certificate? An example would be the following:

    User A user of authority A certificate would (for non admin)

    User B would make use of certiifcate authority B (for administrators)

    I don't know that it is possible using a single certification authority; However not too course of multiple CA for the different vpn users.

    Thank you.

    Hi CSCO10675262

    Yes, this should be no problem. Simply create a for each CA trustpoint.

    HTH

    Herbert

  • (Browser) clientless SSL VPN access is not allowed.

    I'm trying to set up an additional Anyconnect vpn profile.  I have one that is working properly but this news will not.  When I try to log in to download the client or try to connect with a computer that already has the customer I can not.

    The client side receives this error: "access (Browser) Clientless SSL VPN is not allowed."

    On the ASA journal:

    4 May 10, 2010 11:42:17 722050 group user <> IP <10.12.x.x>Session is over: SVC is not enabled for the user
    4 May 10, 2010 11:42:17 group 113019 =, Username =, IP = 0.0.0.0, disconnected Session. Session type:, time: 0 h: 00 m: 00s, xmt bytes: 0, RRs bytes: 0, right: unknown

    He does reference the main our ipsec connection group name.  I think it's very strange.  Here's the part of my config that treats the ssl client.

    tunnel-group type SSL - RDP remote access only
    tunnel-group SSL-RDP-Only general attributes
    address pool SSL_VPN_Users
    authentication-server-group FUN-LDAP
    Group Policy - by default-SSL-RDP
    tunnel-group SSL-RDP-Only webvpn-attributes
    enable VPN_FUN group-alias
    allow group-url https://64.244.9.X/VPN_FUN

    internal SSL - RDP group strategy
    attributes of SSL - RDP group policy
    value of VPN-filter RDP_only
    VPN-tunnel-Protocol svc webvpn
    Split-tunnel-policy tunnelspecified
    value of Split-tunnel-network-list RDPonlyVPN_splitTunnelAcl
    WebVPN
    list of URLS no
    SVC request no svc default
    Standard access list RDPonlyVPN_splitTunnelAcl allow 10.12.x.0 255.255.255.0
    Standard access list RDPonlyVPN_splitTunnelAcl allow 10.12.x.0 255.255.255.0
    Standard access list RDPonlyVPN_splitTunnelAcl allow 10.12.x.0 255.255.255.0
    Standard access list RDPonlyVPN_splitTunnelAcl allow 10.12.x.0 255.255.255.0
    RDP_only list extended access permitted tcp SSLVPN-pool 255.255.255.0 10.12.x.0 255.255.255.0 eq 3389
    Comment by RDP_only-.x RDP access list
    RDP_only list extended access permitted tcp SSLVPN-pool 255.255.255.0 10.12.x.0 255.255.255.0 eq 3389
    Comment by RDP_only-.x RDP access list
    RDP_only list extended access permitted tcp SSLVPN-pool 255.255.255.0 10.12.x.0 255.255.255.0 eq 3389
    Comment by RDP_only-.x RDP access list
    RDP_only list extended access permitted tcp SSLVPN-pool 255.255.255.0 10.12.x.0 255.255.255.0 eq 3389

    mask of local pool SSL_VPN_Users 10.12.20.1 - 10.12.20.100 IP 255.255.255.255

    Post edited by: kyle.southerland

    After reviewing the config, the difference between groups Anyconnect and SSL-RDP-Only is the AAA server.

    AnyConnect group uses the radius for authentication (RAS01) server, while the SSL-RDP-Only group uses an LDAP server for authentication (FUN-LDAP), and the configuration of the FUN-LDAP server, you configure the mapping of LDAP attributes, which is to map the group "An1meR0xs".

    To test, change authentication LDAP aaa RADIUS for the newly created group.

    Hope that helps.

  • Cannot access internal network so AnyConnect SSL VPN, ASA 9.1 (6)

    Hello Cisco community support,

    I have a lab which consists of two virtual environments connected to a 3750-G switch that is connected to a 2901 router which is connected to an ASA 5512 - X which is connected to my ISP gateway. I configured SSL VPN using AnyConnect and can establish a VPN to the ASA from the outside but once connected, I can't access internal network resources or access the internet. My information network and ASA configuration is listed below. Thank you for any assistance you can offer.

    ISP network gateway: 10.1.10.0/24

    ASA to the router network: 10.1.40.0/30

    Pool DHCP VPN: 10.1.30.0/24

    Network of the range: 10.1.20.0/24

    Development network: 10.1.10.0/24

    : Saved
    :
    : Serial number: FCH18477CPT
    : Material: ASA5512, 4096 MB RAM, CPU Clarkdale 2793 MHz, 1 CPU (2 cores)
    :
    ASA 6,0000 Version 1
    !
    hostname ctcndasa01
    activate bcn1WtX5vuf3YzS3 encrypted password
    names of
    cnd-vpn-dhcp-pool 10.1.30.1 mask - 255.255.255.0 IP local pool 10.1.30.200
    !
    interface GigabitEthernet0/0
    nameif inside
    security-level 100
    IP 10.1.40.1 255.255.255.252
    !
    interface GigabitEthernet0/1
    nameif outside
    security-level 0
    address IP X.X.X.237 255.255.255.248
    !
    interface GigabitEthernet0/2
    Shutdown
    No nameif
    no level of security
    no ip address
    !
    interface GigabitEthernet0/3
    Shutdown
    No nameif
    no level of security
    no ip address
    !
    interface GigabitEthernet0/4
    Shutdown
    No nameif
    no level of security
    no ip address
    !
    interface GigabitEthernet0/5
    Shutdown
    No nameif
    no level of security
    no ip address
    !
    interface Management0/0
    management only
    nameif management
    security-level 100
    IP 192.168.1.1 255.255.255.0
    !
    boot system Disk0: / asa916-1-smp - k8.bin
    boot system Disk0: / asa912-smp - k8.bin
    passive FTP mode
    permit same-security-traffic intra-interface
    network of the NETWORK_OBJ_10.1.30.0_24 object
    10.1.30.0 subnet 255.255.255.0
    network obj_any object
    network obj_10.1.40.0 object
    10.1.40.0 subnet 255.255.255.0
    network obj_10.1.30.0 object
    10.1.30.0 subnet 255.255.255.0
    outside_access_in list extended access permitted ip object NETWORK_OBJ_10.1.30.0_24 all
    FREE access-list extended ip 10.1.40.0 NAT allow 255.255.255.0 10.1.30.0 255.255.255.0
    access-list 101 extended allow any4 any4-answer icmp echo
    access-list standard split allow 10.1.40.0 255.255.255.0
    pager lines 24
    Enable logging
    asdm of logging of information
    Within 1500 MTU
    Outside 1500 MTU
    management of MTU 1500
    ICMP unreachable rate-limit 1 burst-size 1
    ICMP allow any inside
    ICMP allow all outside
    ASDM image disk0: / asdm - 743.bin
    don't allow no asdm history
    ARP timeout 14400
    no permit-nonconnected arp
    NAT (inside, outside) source obj_10.1.40.0 destination obj_10.1.40.0 static static obj_10.1.30.0 obj_10.1.30.0 non-proxy-arp-search to itinerary
    NAT (inside, outside) static source any any static destination NETWORK_OBJ_10.1.30.0_24 NETWORK_OBJ_10.1.30.0_24 non-proxy-arp-search to itinerary
    Access-group outside_access_in in interface outside
    !
    Router eigrp 1
    Network 10.1.10.0 255.255.255.0
    Network 10.1.20.0 255.255.255.0
    Network 10.1.30.0 255.255.255.0
    Network 10.1.40.0 255.255.255.252
    !
    Route outside 0.0.0.0 0.0.0.0 10.1.10.1 1
    Timeout xlate 03:00
    Pat-xlate timeout 0:00:30
    Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
    Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
    Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    Floating conn timeout 0:00:00
    dynamic-access-policy-registration DfltAccessPolicy
    without activating the user identity
    identity of the user by default-domain LOCAL
    Enable http server
    http 192.168.1.0 255.255.255.0 management
    http 192.168.1.0 255.255.255.0 inside
    http X.X.X.238 255.255.255.255 outside
    No snmp server location
    No snmp Server contact
    Crypto ipsec pmtu aging infinite - the security association
    Crypto ca trustpoint ASDM_Launcher_Access_TrustPoint_0
    registration auto
    full domain name no
    name of the object CN = 10.1.30.254, CN = ctcndasa01
    ASDM_LAUNCHER key pair
    Configure CRL
    trustpool crypto ca policy
    string encryption ca ASDM_Launcher_Access_TrustPoint_0 certificates
    certificate c902a155
    308201cd 30820136 a0030201 020204c 0d06092a 864886f7 0d 010105 9 02a 15530
    0500302b 31133011 06035504 03130 has 63 61736130 31311430 12060355 74636e64
    0403130 31302e31 2e33302e 32353430 1e170d31 35303731 32303530 3133315a b
    170d 3235 30373039 30353031 33315 has 30 2 b 311330 0403130a 11060355 6374636e
    64617361 30313114 30120603 55040313 0b31302e 312e3330 2e323534 30819f30
    0d06092a 864886f7 010101 05000381 8 d 0d 003081 89028181 00a47cfc 6b5f8b9e
    9b106ad6 857ec34c 01028f71 d35fb7b5 6a61ea33 569fefca 3791657f eeee91f2
    705ab2ea 09207c4f dfbbc18a 749b19ae d3ca8aa7 3370510b a5a96fd4 f9e06332
    4355 db1a4b88 475f96a1 318f7031 40668a4d afa44384 819d fa164c05 2e586ccc
    3ea59b78 5976f685 2abbdcf6 f3b448e5 30aa96a8 1ed4e178 0001300 020301 4 d d
    06092a 86 01010505 00038181 0093656f 639e138e 90b69e66 b50190fc 4886f70d
    42d9b4a8 11828da4 e0765d9c 52d84f8b 8e70747e e760de88 c43dc5eb 1808bd0f
    fd2230c1 53f68ea1 00f3e956 97eb313e 26cc49d7 25b927b5 43d8d3fa f212fcaf
    59eb8104 98e3a1d9 e05d3bcb 428cd7c6 61b530f5 fe193d15 ef8c7f08 37ad16f5
    d8966b50 917a88bb f4f30d82 6f8b58ba 61
    quit smoking
    Telnet timeout 5
    SSH stricthostkeycheck
    SSH timeout 5
    SSH group dh-Group1-sha1 key exchange
    Console timeout 0
    VPN-addr-assign local reuse / 360 time
    management of 192.168.1.2 - dhcpd address 192.168.1.254
    enable dhcpd management
    !
    a basic threat threat detection
    Statistics-list of access threat detection
    no statistical threat detection tcp-interception
    Trust ASDM_Launcher_Access_TrustPoint_0 vpnlb-ip SSL-point
    SSL-trust outside ASDM_Launcher_Access_TrustPoint_0 point
    WebVPN
    allow outside
    AnyConnect image disk0:/anyconnect-linux-3.1.09013-k9.pkg 4
    AnyConnect image disk0:/anyconnect-macosx-i386-3.1.09013-k9.pkg 5
    AnyConnect image disk0:/anyconnect-win-3.1.09013-k9.pkg 6
    AnyConnect enable
    tunnel-group-list activate
    internal GroupPolicy_cnd-vpn group policy
    GroupPolicy_cnd-vpn group policy attributes
    WINS server no
    value of server DNS 8.8.8.8
    client ssl-VPN-tunnel-Protocol
    by default no
    xxxx GCOh1bma8K1tKZHa username encrypted password
    type tunnel-group cnd - vpn remote access
    tunnel-group global cnd-vpn-attributes
    address-cnd-vpn-dhcp-pool
    strategy-group-by default GroupPolicy_cnd-vpn
    tunnel-group cnd - vpn webvpn-attributes
    activation of the alias group cnd - vpn
    !
    ICMP-class class-map
    match default-inspection-traffic
    class-map inspection_default
    match default-inspection-traffic
    !
    !
    type of policy-card inspect dns preset_dns_map
    parameters
    maximum message length automatic of customer
    message-length maximum 512
    Policy-map icmp_policy
    icmp category
    inspect the icmp
    Policy-map global_policy
    class inspection_default
    inspect the preset_dns_map dns
    inspect the ftp
    inspect h323 h225
    inspect the h323 ras
    inspect the rsh
    inspect the rtsp
    inspect esmtp
    inspect sqlnet
    inspect the skinny
    inspect sunrpc
    inspect xdmcp
    inspect the sip
    inspect the netbios
    inspect the tftp
    Review the ip options
    inspect the icmp
    !
    global service-policy global_policy
    service-policy icmp_policy outside interface
    context of prompt hostname
    no remote anonymous reporting call
    Cryptochecksum:261228832f3b57983bcc2b4ed5a8a9d0
    : end
    ASDM image disk0: / asdm - 743.bin
    don't allow no asdm history

    Can you confirm that this is correct, your diagram shows your IP address public on ASA as 30 while you have assinged on 'outside' interface like 29?

  • prevent the SSL VPN user to access ASA cli

    Hello

    I set up multiple users on my ASA in its local database.

    These users are used for the ssl vpn connection, but the problem I have is that users

    also have SSH access. Is it possible to avoid this?

    Thank you

    Hello Raf,

    If you do something like this:

    username xxx attributes

    type of remote access service

    the user should not get access CLI more.

    Kind regards

    Bastien

  • Clientless SSL VPN access to HP iLO

    Equipment:

    ASA5505

    Access without client configured for SSL VPN and it works fine for everything except the connectivity to a HP iLO.  When I go to the http address, I see the redirect page, but as soon as it accesses the https page, I get the following text:

    Failed connection
    Server 192.168.10.252 unavailable.

    It happens on all HP iLO web sites that I'm trying to connect.

    Here is my config for debugging:

    debugging html 255 webvpn

    debugging webvpn request 255

    debugging response 255

    debugging webvpn url 255

    debugging util 255 webvpn

    When I try to reach the site, I get the following:

    #0XCB4DC9C0 (GET). Request line:/+CSCO+0075676763663A2F2F697A7679622E716E79766176662E7962706E79++/login.htm

    #0xcb4dc9c0 hand-off to CTE.

    #0XCB4DC3C0 (GET). Request line:/+CSCOE+/portal.css

    Start #0xcb4dc3c0 (response)

    #0xcb4dc3c0 of the file to run: /+CSCOE+/portal.css

    #0xcb4dc3c0 (answer) Manager open file [/ + CSCOE + / portal.css]

    #0xcb4dc3c0 (answer) page treatment LUA.

    #0xcb4dc3c0 (answer) finished, persistent connection.

    #0XCB4DCCC0 (GET). Request line:/+CSCOU+/gradient.gif

    Start #0xcb4dccc0 (response)

    #0xcb4dccc0 of the file to run: /+CSCOU+/gradient.gif

    #0xcb4dccc0 (answer) Manager open file [/ + CSCOU + / gradient.gif]

    #0xcb4dccc0 (answer) treatment C page.

    #0xcb4dccc0 (answer) finished, persistent connection.

    As you can see, it does not give much information.  I don't really know why it works not only with HP iLO, but it works with everything else.  Any help would be greatly appreciated.  Thank you.

    Gus

    Not exactly how the HP ilo application works, but if it calls java this will cause your question because you are only allowing http or https through the client less portal. Try and activate smart tunnel and allow the java.exe on your local computer to use the smart tunnel. This will force your local java client to be sent through tunnel via ssl (443)

    Sent by Cisco Support technique iPad App

  • I can't access my email works through outlook over a VPN. The signin VPN works ok, I can see my network co., but can not use outlook. 'Microsoft Exchange Server' reported an error (0 x 80040115)

    prospects for bt infinity

    I recently changed my home to infinity of BT broadband.  Now I can't access my email works through outlook over a VPN.  The signin VPN works ok, I can see my network co., but can not use outlook.   I get the following error at startup of outlook.

    Task 'Microsoft Exchange Server' reported an error (0 x 80040115): ' the connection to the Microsoft Exchange Server is unavailable.  Outlook must be online or connected to complete this action. »

    Anyone have any ideas?

    Allan M

    Hello

    Your question of Windows 7 is more complex than what is generally answered in the Microsoft Answers forums. It is better suited for the IT Pro TechNet public. Please post your question in the TechNet Windows 7 networking forum.

    Ramata Thakur

  • RVL200 ssl vpn, I'm not able to access resources network or ping of the Home Office

    I had installed a Linksys router using port forwarding to allow remote access to the server desktop remotely. I had some problems with it and I've always wanted a vpn connection to the office, but I could not ' operate. So I bought the RVL200 after that I read on it and ssl vpn.

    I have the router installed right after the modem cable to the office. I'm able to hit the external ip address of the House. I have the router to access the Server Active directory for connections. The connection works fine, all the different active directory accounts have access to the vpn through this. I am also able to make administration of the router remotely. I am able to connect to the vpn and get connected virtual passage. The icon in the systray says that everything is good. With all this, I'm not able to ping every address on the remote network. I can't reach all the network resources as \\pdrserver\irms or my print server ip address. I can't use network XP Favorites to find anything on the remote network.

    Someone has an idea what I am doing wrong? I appreciate the help.

    I thought about it. I was using the same IP for the home and office. It was confusing. I changed my IP to another system. Home office and now 12.4.4.X now 11.4.4.X. After that, everything worked as it should. Readers without mapped problem, ping remote computers. I could access the remote print servers. Works well. So make sure that you do not use the same IP addresses on both sides of the VPN.

  • Of SSL VPN is not able to access from the outside

    Configuration SSL VPN, unable to access from outside, when trying to access the browser site, it says "cannot display the Page.

    Area basic firewall is configured, there must be something that I'm missing, please see the attached config.

    Any help please

    Looks like you will have to allow SSL VPN from the WAN traffic to the free zone (ZP-WAN-to-self), so you need to update the political map (PMAP-JM-WAN) in particular the ACL (ACL-VPN-PROTOCOL), must allow access to port 443 of any source IP address:

    permit tcp any  eq 443
    .. .should do the trick. Cheers, Seb.

  • access of entrepreneurs and employees of the web site in-house using clientless ssl vpn.

    We have a layout of web SSL VPN without customer who allow employees and suppliers of connection and internal display web page.  I wonder if possible separate employees and contractors to access internal pages.  The internal web page has no authentication of users.  They would like to see if it is possible that traffic employees get proxy behind interface INSIDE IP de ASA and entrepreneur behind a different IP address proxy traffic.  Thus, the internal web page can check IP to contractor and only give them access to view certain web page, but not all pages.

    Hello

    Creating a group policy for each user group will be a good option, you can also use DAP to assign an ACL web to the user who logs on the portal without client, you can use the Radius, LDAP or Cisco attributes to associate the DAP for the user. For example, if you are using LDAP, you can create 2 groups separated here for employees and entrepreneurs and based on the LDAP user group membership, they will be assigned to specific web acl configured according to their access restrictions.

    You can follow this link to set up an acl of web:

    http://www.Cisco.com/c/en/us/TD/docs/security/ASA/asa83/asdm63/Configura...

    Once the ACL is ready, you can follow this guide to configure the DAP Protocol: "check the web for acls figure10.

    http://www.Cisco.com/c/en/us/support/docs/security/ASA-5500-x-series-NEX...

    Thank you, please note!

  • RVL200 SSL VPN: cannot access a remote LAN with iPad2

    RVL200 firmware 1.1.12.1

    iPad2 cannot access any device on the Remote LAN despite the closed padlock icon.

    Is there another App needed? Or how to debug SSL VPN?

    Emmanuel,

    Were you able to access the LAN devices? Also, have you connected using a Mac or a PC successfully to verify that the devices are available? Sometimes antivirus and firewall software can block access to devices from a remote IP address.

Maybe you are looking for