Intervlan routing not working over VPN

Unanswered Question
Apr 28th, 2008

I have a 4506 doing my intervlan routing. I have several vlans. That 4506 is connected to an ASA5520. I have a vendor that is trying to VPN into the network. He can get connected via VPN, and the ASA gives him an IP from the address pool. He just can't hit his server, which is on a different vlan. Further troubleshooting shows that I can't hit any other vlans except the vlan I have the pool assigned to. Any suggestions?

JORGE RODRIGUEZ Mon, 04/28/2008 - 17:07

Can you post the config, or double-check whether you have NAT exempt ACLs permitting the VPN pool subnet to the local subnets? I assume the ASA can reach the internal subnets on the 4500.

For example, assume two of your inside subnets on the 4500 switch are 10.30.30.0/24 and 10.40.40.0/24, and your VPN pool network is 192.168.1.0/24.

In this example the ACL should look like this:

access-list inside_nat0_outbound extended permit ip 10.30.30.0 255.255.255.0 192.168.1.0 255.255.255.0

access-list inside_nat0_outbound extended permit ip 10.40.40.0 255.255.255.0 192.168.1.0 255.255.255.0

nat (inside) 0 access-list inside_nat0_outbound



Regards

Jorge
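Added example, not part of the reply above or of any Cisco tooling: a small Python check that reads ASA config text in the syntax used in the reply and lists the inside subnets that have no NAT-exempt entry toward the VPN pool. The sample config is constructed, the function names are hypothetical, and only `permit ip <net> <mask> <net> <mask>` ACL lines are parsed (`host`/`any` forms are skipped).

```python
import ipaddress
import re

# Constructed sample: only one of the two inside subnets is exempted.
SAMPLE_CONFIG = """\
access-list inside_nat0_outbound extended permit ip 10.30.30.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
"""

Q = r"(\d+\.\d+\.\d+\.\d+)"  # dotted-quad address or mask
ACL_RE = re.compile(rf"^access-list (\S+) extended permit ip {Q} {Q} {Q} {Q}\s*$")
NAT0_RE = re.compile(r"^nat \((\S+)\) 0 access-list (\S+)\s*$")


def net(addr, mask):
    # strict=False tolerates entries written with host bits set
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def exempt_pairs(config):
    """Return (source, destination) networks from ACLs bound to 'nat ... 0'."""
    acls, bound = {}, set()
    for line in config.splitlines():
        line = line.strip()
        m = ACL_RE.match(line)
        if m:
            name, src, smask, dst, dmask = m.groups()
            acls.setdefault(name, []).append((net(src, smask), net(dst, dmask)))
            continue
        m = NAT0_RE.match(line)
        if m:
            bound.add(m.group(2))
    # An ACL that is defined but never bound with 'nat (if) 0' exempts nothing.
    return [pair for name in bound for pair in acls.get(name, [])]


def missing_exemptions(config, inside_subnets, vpn_pool):
    """List inside subnets with no NAT-exempt entry toward the VPN pool."""
    pool = ipaddress.ip_network(vpn_pool)
    pairs = exempt_pairs(config)
    return [
        str(subnet)
        for subnet in map(ipaddress.ip_network, inside_subnets)
        if not any(subnet.subnet_of(s) and pool.subnet_of(d) for s, d in pairs)
    ]
```

Run against the sample, `missing_exemptions(SAMPLE_CONFIG, ["10.30.30.0/24", "10.40.40.0/24"], "192.168.1.0/24")` reports 10.40.40.0/24, the subnet a VPN client would fail to reach.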


cowetacoit Tue, 04/29/2008 - 03:31

Excellent. No need to post config. I got it. Thanks for your help.
