Remote VPN users unable to reach OSPF Inter Area Networks

Answered Question
Jul 7th, 2008

Hi All,

Area0 & Area1. Area1 ASA has remote VPN configuration where users uses split tunneling also. When users VPN-in, they successfully access all the respurces in Area1, but unable to reach resources in Area0.

But Area0 PCs able to 'ping' the VPN-in IPs. I tried 'debug icmp trace', but not even single message poping up while initiate the 'ping' from VPN-in users laptop.

fyi.. Area1 N/W: 10.251.0.0/16 and 10.251.40.0/24 has been used for VPN users DHCP. Everything works fine except for reachability to Area0.

Any suggestions..?

Thank you

MS

I have this problem too.
0 votes
Correct Answer by a.alekseev about 8 years 6 months ago

access-list nonat extended permit ip SiteA 255.255.0.0 SiteAVPN 255.255.255.0

access-list nonat extended permit ip SiteB 255.255.0.0 SiteAVPN 255.255.255.0

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
mvsheik123 Mon, 07/07/2008 - 18:40

correction.... Area0 PCs also unable to reach VPN-in users....

thank you

MS

srue Mon, 07/07/2008 - 18:52

not enough information.

tell us more about your network, including routers and any other layer 3 devices.

if possible, post your firewall config.

mvsheik123 Mon, 07/07/2008 - 19:38

Please find the attached.

Area0 L3 device <-> Area251 L3 device we have a 100Meg P2P link runs OSPF. i took out the config that is not needed from the devices.

Please review and suggest.

Thank you

MS

Correct Answer
a.alekseev Tue, 07/08/2008 - 00:59

access-list nonat extended permit ip SiteA 255.255.0.0 SiteAVPN 255.255.255.0

access-list nonat extended permit ip SiteB 255.255.0.0 SiteAVPN 255.255.255.0

mvsheik123 Tue, 07/08/2008 - 05:13

Hi,

Adding

access-list nonat extended permit ip SiteB 255.255.0.0 SiteAVPN 255.255.255.0 .. did the trick.

Thank you very much.

MS

Actions

This Discussion