Access Multiple Network Segments over VPN

Unanswered Question
May 2nd, 2008

Our client has a 5510 with 5505 at three branch offices. I am able to access the 5510 through remote access VPN, but need to be able to run Lansurveyor to maintain inventory on their network. I can only access the segment of the network that I VPN to. How can I access the other segments while connected to the 5510? Here's a summary. I can connect to via remote access VPN, but also need to have access to,, and

JORGE RODRIGUEZ Sat, 05/03/2008 - 20:41

You need to create an ACL on the ASA 5510 where you are VPNing into in order to permit the VPN network to access the other inside segments for,40,and 50 respectively.

For example, if the VPN RA network on the ASA 5510 that assigns addresses to VPN clients is create an ACL to permit the VPN net to the inside nets.

access-list inside_nat0_outbound extended permit ip

access-list inside_nat0_outbound extended permit ip

access-list inside_nat0_outbound extended permit ip

nat (inside) 0 access-list inside_nat0_outbound
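
An added example, not part of the original post and not Cisco tooling: a Python check that reads pre-8.3 style ASA lines like the ones above and reports which inside segments have no NAT-exemption entry toward the VPN pool in an ACL that is actually bound with `nat (inside) 0`. The 10.10.10.0/24 pool, the /24 masks, the `other_acl` name and the function names are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample config: addresses are placeholders, not the poster's.
SAMPLE_CONFIG = """\
access-list inside_nat0_outbound extended permit ip 192.168.30.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.40.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list other_acl extended permit ip 192.168.50.0 255.255.255.0 10.10.10.0 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
"""

# Only "network mask network mask" entries are handled (no host/any/object-group).
ACE_RE = re.compile(
    r"^access-list (\S+) extended permit ip (\S+) (\S+) (\S+) (\S+)\s*$")
NAT0_RE = re.compile(r"^nat \((\S+)\) 0 access-list (\S+)\s*$")


def nat0_pairs(config, interface="inside"):
    """Return (source, destination) networks exempted from NAT on interface."""
    lines = [ln.strip() for ln in config.splitlines()]
    bound = {m.group(2) for ln in lines
             if (m := NAT0_RE.match(ln)) and m.group(1) == interface}
    pairs = []
    for ln in lines:
        m = ACE_RE.match(ln)
        if m and m.group(1) in bound:  # ignore ACLs not referenced by nat 0
            src = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}")
            dst = ipaddress.ip_network(f"{m.group(4)}/{m.group(5)}")
            pairs.append((src, dst))
    return pairs


def missing_exemptions(config, segments, vpn_pool, interface="inside"):
    """List inside segments with no NAT-exempt entry covering the VPN pool."""
    pool = ipaddress.ip_network(vpn_pool)
    pairs = nat0_pairs(config, interface)
    missing = []
    for seg in segments:
        net = ipaddress.ip_network(seg)
        if not any(net.subnet_of(s) and pool.subnet_of(d) for s, d in pairs):
            missing.append(seg)
    return missing


if __name__ == "__main__":
    segs = ["192.168.30.0/24", "192.168.40.0/24", "192.168.50.0/24"]
    print(missing_exemptions(SAMPLE_CONFIG, segs, "10.10.10.0/24"))
```

In the constructed sample, the third segment is reported because its entry sits in an ACL that no `nat (inside) 0` statement references.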



daortego0923 Tue, 05/06/2008 - 16:18

I've entered your recommendations, but still no luck. Do I need to make changes to each ASA 5505 as well, or just the 5510?


JORGE RODRIGUEZ Wed, 05/07/2008 - 09:41

Hi Dillard, are the, and 192.168.40 and 50 behind the 5510 firewall? I thought so; if not, please confirm. Putting the Lansurveyor aside for a minute, when you VPN to the 5510 are you able to connect to any host on the 192.168.30,40,50 segments at all? Can you, from the other side 5510 firewall, see logs to find out if there are any NAT issues when trying to access those segments? Get this part straightened out first before moving on to the Lansurveyor part.



I am in the same boat and the posted suggestion/solution doesn't appear to apply.

From behind the 5510 I can access everything at the branch offices. When I VPN into the 5510 I can only access what is on that network, nothing at any of the branch offices. I'd like to be able to VPN into the 5510 and be able to access each branch office's network.

Please advise, thanks!

