Remote VPN users unable to reach OSPF Inter Area Networks

Answered Question
Jul 7th, 2008
User Badges:
  • Gold, 750 points or more

Hi All,


Area0 & Area1. Area1 ASA has remote VPN configuration where users uses split tunneling also. When users VPN-in, they successfully access all the respurces in Area1, but unable to reach resources in Area0.

But Area0 PCs able to 'ping' the VPN-in IPs. I tried 'debug icmp trace', but not even single message poping up while initiate the 'ping' from VPN-in users laptop.


fyi.. Area1 N/W: 10.251.0.0/16 and 10.251.40.0/24 has been used for VPN users DHCP. Everything works fine except for reachability to Area0.


Any suggestions..?


Thank you

MS

Correct Answer by a.alekseev about 8 years 10 months ago

access-list nonat extended permit ip SiteA 255.255.0.0 SiteAVPN 255.255.255.0

access-list nonat extended permit ip SiteB 255.255.0.0 SiteAVPN 255.255.255.0


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
mvsheik123 Mon, 07/07/2008 - 18:40
User Badges:
  • Gold, 750 points or more

correction.... Area0 PCs also unable to reach VPN-in users....


thank you

MS

srue Mon, 07/07/2008 - 18:52
User Badges:
  • Blue, 1500 points or more

not enough information.

tell us more about your network, including routers and any other layer 3 devices.

if possible, post your firewall config.

mvsheik123 Mon, 07/07/2008 - 19:38
User Badges:
  • Gold, 750 points or more

Please find the attached.

Area0 L3 device <-> Area251 L3 device we have a 100Meg P2P link runs OSPF. i took out the config that is not needed from the devices.


Please review and suggest.


Thank you

MS



Correct Answer
a.alekseev Tue, 07/08/2008 - 00:59
User Badges:
  • Gold, 750 points or more

access-list nonat extended permit ip SiteA 255.255.0.0 SiteAVPN 255.255.255.0

access-list nonat extended permit ip SiteB 255.255.0.0 SiteAVPN 255.255.255.0


mvsheik123 Tue, 07/08/2008 - 05:13
User Badges:
  • Gold, 750 points or more

Hi,


Adding

access-list nonat extended permit ip SiteB 255.255.0.0 SiteAVPN 255.255.255.0 .. did the trick.


Thank you very much.


MS



Actions

This Discussion