03-19-2009 10:32 AM
I have a remote device, and I need to tunnel into my network and access local resources.
I have setup a Tunnel Group in my ASA5510.
I can connect and authenticate, but cannot seem to ping internal devices on the network.
The IP pool for the tunnel assigns the following range: 172.16.100.1 - 172.16.100.254.
My client received the 172.16.100.1 address on the virtual VPN adapter.
I cannot get out to the internet, nor can I ping devices inside my network.
The internal network is 10.4.4.x
My IP addressing is as follows:
PPP adapter NationalAccess - BroadbandAccess:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 75.193.71.148
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
Ethernet adapter VPN#1:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 172.16.100.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 172.16.100.1
The only thing I can ping is the ASA device itself. No local addresses and no global addresses.
The tunneled taffic is coming in on the outside firewall interface, so do I need to add an ACE to allow it inside?
I am not sure how VPN routing occurs.
03-19-2009 12:15 PM
I used split tunneling and it changed my IP addressing to the following:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 75.193.71.148
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 75.193.71.148
Ethernet adapter VPN#1:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 172.16.100.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
So I am now able to access the Internet, just not devices in my network.
03-24-2009 02:06 AM
Check configuration on the ASA.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: