Solved: Remote VPN users unable to reach OSPF Inter Area Networks

mvsheik123 · ‎07-07-2008

Hi All,

Area0 & Area1. Area1 ASA has remote VPN configuration where users uses split tunneling also. When users VPN-in, they successfully access all the respurces in Area1, but unable to reach resources in Area0.

But Area0 PCs able to 'ping' the VPN-in IPs. I tried 'debug icmp trace', but not even single message poping up while initiate the 'ping' from VPN-in users laptop.

fyi.. Area1 N/W: 10.251.0.0/16 and 10.251.40.0/24 has been used for VPN users DHCP. Everything works fine except for reachability to Area0.

Any suggestions..?

Thank you

MS

a.alekseev · ‎07-08-2008

access-list nonat extended permit ip SiteA 255.255.0.0 SiteAVPN 255.255.255.0

access-list nonat extended permit ip SiteB 255.255.0.0 SiteAVPN 255.255.255.0

View solution in original post

mvsheik123 · ‎07-07-2008

correction.... Area0 PCs also unable to reach VPN-in users....

thank you

MS

srue · ‎07-07-2008

not enough information.

tell us more about your network, including routers and any other layer 3 devices.

if possible, post your firewall config.

mvsheik123 · ‎07-07-2008

Please find the attached.

Area0 L3 device <-> Area251 L3 device we have a 100Meg P2P link runs OSPF. i took out the config that is not needed from the devices.

Please review and suggest.

Thank you

MS

a.alekseev · ‎07-08-2008

access-list nonat extended permit ip SiteA 255.255.0.0 SiteAVPN 255.255.255.0

access-list nonat extended permit ip SiteB 255.255.0.0 SiteAVPN 255.255.255.0

mvsheik123 · ‎07-08-2008

Hi,

Adding

access-list nonat extended permit ip SiteB 255.255.0.0 SiteAVPN 255.255.255.0 .. did the trick.

Thank you very much.

MS