07-07-2008 06:18 PM
Hi All,
Area0 & Area1. Area1 ASA has remote VPN configuration where users uses split tunneling also. When users VPN-in, they successfully access all the respurces in Area1, but unable to reach resources in Area0.
But Area0 PCs able to 'ping' the VPN-in IPs. I tried 'debug icmp trace', but not even single message poping up while initiate the 'ping' from VPN-in users laptop.
fyi.. Area1 N/W: 10.251.0.0/16 and 10.251.40.0/24 has been used for VPN users DHCP. Everything works fine except for reachability to Area0.
Any suggestions..?
Thank you
MS
Solved! Go to Solution.
07-08-2008 12:59 AM
access-list nonat extended permit ip SiteA 255.255.0.0 SiteAVPN 255.255.255.0
access-list nonat extended permit ip SiteB 255.255.0.0 SiteAVPN 255.255.255.0
07-07-2008 06:40 PM
correction.... Area0 PCs also unable to reach VPN-in users....
thank you
MS
07-07-2008 06:52 PM
not enough information.
tell us more about your network, including routers and any other layer 3 devices.
if possible, post your firewall config.
07-07-2008 07:38 PM
07-08-2008 12:59 AM
access-list nonat extended permit ip SiteA 255.255.0.0 SiteAVPN 255.255.255.0
access-list nonat extended permit ip SiteB 255.255.0.0 SiteAVPN 255.255.255.0
07-08-2008 05:13 AM
Hi,
Adding
access-list nonat extended permit ip SiteB 255.255.0.0 SiteAVPN 255.255.255.0 .. did the trick.
Thank you very much.
MS
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: