Intervlan routing not working over VPN

cowetacoit · ‎04-28-2008

I have a 4506 doing my intervlan routing. I have several vlans. That 4506 is connected to a ASA5520. I have a vendor that is trying to VPN into the network. He can get connect via VPN, the ASA gives him an IP from the address pool. He just can't hit his server which is on a different vlan. Further troubleshooting shows that i can't hit any other vlans except the vlan i have the pool assigned to. Any suggestions?

JORGE RODRIGUEZ · ‎04-28-2008

can you post the config or double check wether you have nat exempt acls permiting vpn pool subnet to local subnets? I assume asa can reach internal subnets in 4500.

example assume two of you inside subnets in 4500 switch are 10.30.30.0/24 10.40.40.0/24 and your vpn pool network is 192.168.1.0/24

in example acl should be as this.

access-list inside_nat0_outbound extended permit ip 10.30.30.0 255.255.255.0 192.168.1.0 255.255.255.0

access-list inside_nat0_outbound extended permit ip 10.40.40.0 255.255.255.0 192.168.1.0 255.255.255.0

nat(inside) 0 access-list inside_nat0_outbound

Regards

Jorge

Jorge Rodriguez

cowetacoit · ‎04-29-2008

Excellent. No need to post config. I got it. Thanks for your help.

JORGE RODRIGUEZ · ‎04-29-2008

Michael, post the update whether you still have problem.

Bst Rgds

Jorge

Jorge Rodriguez