Question : Cisco ASA 5505 Clientless SSL VPN unable to access any internal resource after login

Hello, I have been unable to access any internal resources after logging into the Clientless SSL VPN Portal page.

My current setup is like this: (there is no DMZ VLAN in my setup)

INTERNET
^
|
v
ADSL modem
^
|    (Outside VLAN)
v
ASA 5505
^
|    (Inside VLAN)
v
PCs

I setup the Clientless SSL VPN through the wizard in ASDM and everything went fine. I was able to login to the portal but then I couldn't access any PCs in the Inside VLAN.

Basically the ADSL modem is in the 192.168.10.X network and it also has a 1:1 mapping to the outside interface of ASA 5505. The internal network is 192.168.1.X.

Access from internal hosts to the internet is fine (through PAT).


The only thing I am able to access within the Portal is the address of the ADSL modem on 192.168.10.X :(

Can anyone help me out? Thanks. 
1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:
29:
30:
31:
32:
33:
34:
35:
36:
37:
38:
39:
40:
41:
42:
43:
44:
45:
46:
47:
48:
49:
50:
51:
52:
53:
54:
55:
56:
57:
58:
59:
60:
61:
62:
63:
64:
65:
66:
67:
68:
69:
70:
71:
72:
73:
74:
75:
76:
77:
78:
79:
80:
81:
82:
83:
84:
85:
86:
87:
88:
89:
90:
91:
92:
93:
94:
95:
96:
97:
98:
99:
100:
101:
102:
103:
104:
105:
106:
107:
108:
109:
110:
111:
112:
113:
114:
115:
116:
117:
118:
119:
120:
121:
122:
123:
124:
125:
126:
127:
128:
129:
130:
131:
132:
133:
134:
135:
136:
137:
138:
139:
140:
141:
142:

------------------ show firewall ------------------

Firewall mode: Router

------------------ show running-config ------------------

: Saved
:
ASA Version 8.3(1)
!
hostname asa5505
domain-name default.domain.invalid
enable password <removed>
passwd <removed>
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address dhcp setroute
!
interface Vlan3
 no forward interface Vlan1
 nameif dmz
 security-level 50
 ip address 10.0.0.1 255.255.255.0
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
 switchport access vlan 3
!
interface Ethernet0/6
 switchport access vlan 3
!
interface Ethernet0/7
 switchport access vlan 3
!
boot system disk0:/asa831-k8.bin
ftp mode passive
dns server-group DefaultDNS
 domain-name default.domain.invalid
object network obj_any
 subnet 0.0.0.0 0.0.0.0
access-list webacl webtype permit url any log default
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu dmz 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-631.bin
no asdm history enable
arp timeout 14400
!
object network obj_any
 nat (inside,outside) dynamic interface
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
 webvpn
  appl-acl webacl
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 10
console timeout 0
dhcpd auto_config outside
!
dhcpd address 192.168.1.2-192.168.1.33 inside
dhcpd dns 122.56.237.1 210.55.111.1 interface inside
dhcpd enable inside
!

threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
 enable outside
username admin password <removed> privilege 15
username user password <removed> privilege 0
username user attributes
 vpn-group-policy DfltGrpPolicy
 webvpn
  filter value webacl
username read password <removed> privilege 0
username read attributes
 vpn-group-policy DfltGrpPolicy
 webvpn
  filter value webacl
tunnel-group vpn type remote-access
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect pptp
  inspect tftp
  inspect ip-options
!
service-policy global_policy global
prompt hostname context
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email [email protected]
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:d41d8cd98f00b204e9800998ecf8427e
: end

Answer : Cisco ASA 5505 Clientless SSL VPN unable to access any internal resource after login

Hi, it seems that you missed nonat!
Random Solutions  
 
programming4us programming4us