07-07-2008 06:18 PM
Hi All,
Area0 & Area1. Area1 ASA has remote VPN configuration where users uses split tunneling also. When users VPN-in, they successfully access all the respurces in Area1, but unable to reach resources in Area0.
But Area0 PCs able to 'ping' the VPN-in IPs. I tried 'debug icmp trace', but not even single message poping up while initiate the 'ping' from VPN-in users laptop.
fyi.. Area1 N/W: 10.251.0.0/16 and 10.251.40.0/24 has been used for VPN users DHCP. Everything works fine except for reachability to Area0.
Any suggestions..?
Thank you
MS
Solved! Go to Solution.
07-08-2008 12:59 AM
access-list nonat extended permit ip SiteA 255.255.0.0 SiteAVPN 255.255.255.0
access-list nonat extended permit ip SiteB 255.255.0.0 SiteAVPN 255.255.255.0
07-07-2008 06:40 PM
correction.... Area0 PCs also unable to reach VPN-in users....
thank you
MS
07-07-2008 06:52 PM
not enough information.
tell us more about your network, including routers and any other layer 3 devices.
if possible, post your firewall config.
07-07-2008 07:38 PM
07-08-2008 12:59 AM
access-list nonat extended permit ip SiteA 255.255.0.0 SiteAVPN 255.255.255.0
access-list nonat extended permit ip SiteB 255.255.0.0 SiteAVPN 255.255.255.0
07-08-2008 05:13 AM
Hi,
Adding
access-list nonat extended permit ip SiteB 255.255.0.0 SiteAVPN 255.255.255.0 .. did the trick.
Thank you very much.
MS
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide