Access Multiple Network Segments over VPN

Unanswered Question
May 2nd, 2008

Our client has a 5510 with 5505s at three branch offices. I am able to access the 5510 through remote access VPN, but need to be able to run Lansurveyor to maintain inventory on their network. I can only access the segment of the network that I VPN to. How can I access the other segments while connected to the 5510? Here's a summary: I can connect to 192.168.10.0/24 via remote access VPN, but also need to have access to 192.168.30.0/24, 192.168.40.0/24, and 192.168.50.0/24.

JORGE RODRIGUEZ Sat, 05/03/2008 - 20:41

You need to create an ACL on the ASA 5510 that you are VPNing into in order to permit the VPN network to access the other inside segments, 192.168.30.0, 40, and 50 respectively.

For example, if the VPN RA network on the ASA 5510 that assigns addresses to VPN clients is 192.168.10.0/24, create an ACL to permit the VPN net to the inside nets.

access-list inside_nat0_outbound extended permit ip 192.168.30.0 255.255.255.0 192.168.10.0 255.255.255.0

access-list inside_nat0_outbound extended permit ip 192.168.40.0 255.255.255.0 192.168.10.0 255.255.255.0

access-list inside_nat0_outbound extended permit ip 192.168.50.0 255.255.255.0 192.168.10.0 255.255.255.0

nat (inside) 0 access-list inside_nat0_outbound

HTH

Jorge
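
An added example, not part of the original posts: a small Python check that reads ASA config text in the form posted above and lists the segments that still have no NAT-exemption entry toward the VPN pool in an ACL bound by a `nat (...) 0 access-list` line. It only understands the `permit ip <net> <mask> <net> <mask>` form used in this thread; the function names and the sample config are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the ACL from the post with the 192.168.40.0 entry left
# out on purpose, so the check has something to report.
SAMPLE_CONFIG = """\
access-list inside_nat0_outbound extended permit ip 192.168.30.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.50.0 255.255.255.0 192.168.10.0 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
ACE_RE = re.compile(
    rf"^access-list\s+(\S+)\s+extended\s+permit\s+ip\s+{IP}\s+{IP}\s+{IP}\s+{IP}\s*$")
NAT0_RE = re.compile(r"^nat\s*\((\S+)\)\s+0\s+access-list\s+(\S+)\s*$")


def parse(config):
    """Return ({acl: [(src_net, dst_net), ...]}, {ACL names bound by a nat 0 line})."""
    acls, bound = {}, set()
    for line in map(str.strip, config.splitlines()):
        m = ACE_RE.match(line)
        if m:
            name, src, smask, dst, dmask = m.groups()
            acls.setdefault(name, []).append(
                (ipaddress.ip_network(f"{src}/{smask}", strict=False),
                 ipaddress.ip_network(f"{dst}/{dmask}", strict=False)))
            continue
        m = NAT0_RE.match(line)
        if m:
            bound.add(m.group(2))
    return acls, bound


def missing_exemptions(config, segments, vpn_pool):
    """Segments with no permit toward vpn_pool in any ACL bound by nat 0."""
    acls, bound = parse(config)
    pool = ipaddress.ip_network(vpn_pool)
    pairs = [p for name in bound for p in acls.get(name, [])]
    return [str(seg) for seg in map(ipaddress.ip_network, segments)
            if not any(seg.subnet_of(s) and pool.subnet_of(d) for s, d in pairs)]


if __name__ == "__main__":
    print(missing_exemptions(
        SAMPLE_CONFIG, ["192.168.30.0/24", "192.168.40.0/24", "192.168.50.0/24"],
        "192.168.10.0/24"))
```
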

daortego0923 Tue, 05/06/2008 - 16:18

I've entered your recommendations, but still no luck. Do I need to make changes to each ASA 5505 as well, or just the 5510?

Thanks

JORGE RODRIGUEZ Wed, 05/07/2008 - 09:41

Hi Dillard, are the 192.168.30.0, 192.168.40 and 50 behind the 5510 firewall? I thought so; if not, please confirm. Putting the Lansurveyor aside for a minute, when you VPN to the 5510 are you able to connect to any host on the 192.168.30, 40, 50 segments at all? Can you from the other side 5510 firewall see logs to find out if there are any NAT issues when trying to access those segments? Get this part straightened out first before moving on to the Lansurveyor part.

Rgds

-Jorge

I am in the same boat and the posted suggestion/solution doesn't appear to apply.

From behind the 5510 I can access everything at the branch offices. When I VPN into the 5510 I can only access what is on that network, nothing at any of the branch offices. I'd like to be able to VPN into the 5510 and be able to access each branch office's network.

Please advise, thanks!
