03-19-2009 10:32 AM
I have a remote device, and I need to tunnel into my network and access local resources.
I have setup a Tunnel Group in my ASA5510.
I can connect and authenticate, but cannot seem to ping internal devices on the network.
The IP pool for the tunnel assigns the following range: 172.16.100.1 - 172.16.100.254.
My client received the 172.16.100.1 address on the virtual VPN adapter.
I cannot get out to the internet, nor can I ping devices inside my network.
The internal network is 10.4.4.x
My IP addressing is as follows:
PPP adapter NationalAccess - BroadbandAccess:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 75.193.71.148
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
Ethernet adapter VPN#1:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 172.16.100.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 172.16.100.1
The only thing I can ping is the ASA device itself. No local addresses and no global addresses.
The tunneled taffic is coming in on the outside firewall interface, so do I need to add an ACE to allow it inside?
I am not sure how VPN routing occurs.
03-19-2009 12:15 PM
I used split tunneling and it changed my IP addressing to the following:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 75.193.71.148
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 75.193.71.148
Ethernet adapter VPN#1:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 172.16.100.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
So I am now able to access the Internet, just not devices in my network.
03-24-2009 02:06 AM
Check configuration on the ASA.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide