I'm using an ASA 5510 for a large network containing multiple subnets, some of which (wireless) have limited network access. I'd like to allow the wireless users to be able to VPN in for full network access; however, none of the hosts on the inside network are able to connect to the VPN, or even ping the ASA external interface.
I'm assuming this has something to do with my NAT rules getting in the way. Can anyone point me in the right direction?
Here's the running-config (sanitized): http://pastebin.com/snN4AVSA
packet-tracer ping from inside to outside: http://pastebin.com/hX8X8kTr
You won't be able to access your VPN from the inside network due to routing.
No luck here or on the Cisco forums, I'm still convinced this is possible, though. Oh well, in any event I ended up creating a separate VLAN for secured 802.1x wireless.
I think the easiest way to achieve what you want would be to connect your Access Points outside the ASA, or in some sort of DMZ. Then you are not trying to do something too different from the norm - e.g. give VPN access to clients outside the secure network, while keeping untrusted clients out.