VPN Remote Access

oneirishpollack · ‎03-19-2009

I have a remote device, and I need to tunnel into my network and access local resources.

I have setup a Tunnel Group in my ASA5510.

I can connect and authenticate, but cannot seem to ping internal devices on the network.

The IP pool for the tunnel assigns the following range: 172.16.100.1 - 172.16.100.254.

My client received the 172.16.100.1 address on the virtual VPN adapter.

I cannot get out to the internet, nor can I ping devices inside my network.

The internal network is 10.4.4.x

My IP addressing is as follows:

PPP adapter NationalAccess - BroadbandAccess:

Connection-specific DNS Suffix . :

IP Address. . . . . . . . . . . . : 75.193.71.148

Subnet Mask . . . . . . . . . . . : 255.255.255.255

Default Gateway . . . . . . . . . :

Ethernet adapter VPN#1:

Connection-specific DNS Suffix . :

IP Address. . . . . . . . . . . . : 172.16.100.1

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 172.16.100.1

The only thing I can ping is the ASA device itself. No local addresses and no global addresses.

The tunneled taffic is coming in on the outside firewall interface, so do I need to add an ACE to allow it inside?

I am not sure how VPN routing occurs.

oneirishpollack · ‎03-19-2009

I used split tunneling and it changed my IP addressing to the following:

Connection-specific DNS Suffix . :

IP Address. . . . . . . . . . . . : 75.193.71.148

Subnet Mask . . . . . . . . . . . : 255.255.255.255

Default Gateway . . . . . . . . . : 75.193.71.148

Ethernet adapter VPN#1:

Connection-specific DNS Suffix . :

IP Address. . . . . . . . . . . . : 172.16.100.1

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . :

So I am now able to access the Internet, just not devices in my network.

a.alekseev · ‎03-24-2009

Check configuration on the ASA.