Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
396
Views
0
Helpful
5
Replies

Remote VPN users unable to reach OSPF Inter Area Networks

Go to solution
mvsheik123
Level 7
Level 7

‎07-07-2008 06:18 PM

Hi All,

Area0 & Area1. Area1 ASA has remote VPN configuration where users uses split tunneling also. When users VPN-in, they successfully access all the respurces in Area1, but unable to reach resources in Area0.

But Area0 PCs able to 'ping' the VPN-in IPs. I tried 'debug icmp trace', but not even single message poping up while initiate the 'ping' from VPN-in users laptop.

fyi.. Area1 N/W: 10.251.0.0/16 and 10.251.40.0/24 has been used for VPN users DHCP. Everything works fine except for reachability to Area0.

Any suggestions..?

Thank you

MS

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
a.alekseev
Level 7
Level 7

‎07-08-2008 12:59 AM

access-list nonat extended permit ip SiteA 255.255.0.0 SiteAVPN 255.255.255.0

access-list nonat extended permit ip SiteB 255.255.0.0 SiteAVPN 255.255.255.0

View solution in original post

0 Helpful
5 Replies 5

Go to solution
mvsheik123
Level 7
Level 7

‎07-07-2008 06:40 PM

correction.... Area0 PCs also unable to reach VPN-in users....

thank you

MS

0 Helpful

Go to solution
srue
Level 7
Level 7
In response to mvsheik123

‎07-07-2008 06:52 PM

not enough information.

tell us more about your network, including routers and any other layer 3 devices.

if possible, post your firewall config.

0 Helpful

Go to solution
mvsheik123
Level 7
Level 7
In response to srue

‎07-07-2008 07:38 PM

Please find the attached.

Area0 L3 device <-> Area251 L3 device we have a 100Meg P2P link runs OSPF. i took out the config that is not needed from the devices.

Please review and suggest.

Thank you

MS

Preview file
2 KB
0 Helpful

Go to solution
a.alekseev
Level 7
Level 7

‎07-08-2008 12:59 AM

access-list nonat extended permit ip SiteA 255.255.0.0 SiteAVPN 255.255.255.0

access-list nonat extended permit ip SiteB 255.255.0.0 SiteAVPN 255.255.255.0

0 Helpful

Go to solution
mvsheik123
Level 7
Level 7
In response to a.alekseev

‎07-08-2008 05:13 AM

Hi,

Adding

access-list nonat extended permit ip SiteB 255.255.0.0 SiteAVPN 255.255.255.0 .. did the trick.

Thank you very much.

MS

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents