Communicating between remote access VPN subnets

Unanswered Question
Jul 30th, 2008

I have two remote VPN subnets that need to communicate. I have my access list as

access-list No-NAT extended permit ip, however this does not seem to do the trick. Could these VPNs be terminating on different interfaces such as one external, one DMZ?

Thanks in advance

olivier.jessel Wed, 07/30/2008 - 06:53

Have you also set up an ACL allowing the traffic to this remote subnet?

jgorman1977 Wed, 07/30/2008 - 06:56

I do have the ACL

access-list Internal line 40 extended permit ip (hitcnt=0) 0x92cd7baf


olivier.jessel Wed, 07/30/2008 - 06:59

No hitcount... Are you sure that no previous statement of this ACL denies the traffic?

Is your VPN up? IPsec or GRE?

jgorman1977 Wed, 07/30/2008 - 07:08

Both are IPsec and both are up. The subnet is our VPN client subnet to the ASA and the subnet are Cisco 871s terminating to the ASA.

olivier.jessel Wed, 07/30/2008 - 07:22

If I understand correctly, both are remote...

Have you configured split-tunneling?

jgorman1977 Wed, 07/30/2008 - 07:32

Yes, they are both remote. I have the following split-tunnel ACL:

access-list Indy-Remote_splitTunnelAcl_1 line 28 extended permit ip (hitcnt=0) 0x5a58ce89

The main issue is I have users on the 172.18 subnet using IP Communicator trying to contact users on the 172.16 subnet also using IP Communicator. They cannot hear each other. The Call Manager server is located with the ASA, so I wouldn't think there would be enough delay to the packets to cause this issue.

Thanks again.
