remote access vpn and routing to internal subnets

Unanswered Question

Hi,

I have configured a remote access IPsec VPN to an ASA 5510. I can connect to the firewall using my Cisco VPN client properly. But there are some networks in our internal network that I was not able to connect to.

I would like to know: I have assigned an IP pool for the remote VPN client, so when I connect to the firewall through VPN, I am assigned an IP from the pool. The firewall is connected to a common VLAN where a few routers (routers A, B, C) are also connected. All routers and the firewall are running EIGRP. I was able to telnet to routers A, B, C when I am connected to the firewall through VPN. But when I check the routing table on routers A, B, C, I didn't see the route for my VPN IP pool, so my 1st question is:

1) how does it connect without a route to the VPN pool subnet?

Router C is connected to Router D, and I have a few subnets connected to Router D. I cannot connect to Router D or anything behind Router D.

So my 2nd question is:

2) Do I have to add a static route on my VPN firewall and redistribute it into EIGRP so that routers A, B, C and D will know to come to the firewall when I am connected through VPN?

Thanks for the help.

sachinraja Wed, 01/27/2010 - 10:54

Hi Benny

Please find my comments here:

1) how does it connect without a route to the VPN pool subnet? - Though you are on a different subnet, logically you are connected to the firewall. You can connect to routers A, B, C on the inside because the firewall sees these IPs as directly connected and has an ARP entry for them. The firewall will have both the VPN and inside subnets as directly connected routes, unless you connect on VPN on a totally separate DMZ...

2) Do I have to add a static route on my VPN firewall and redistribute it into EIGRP - Which interface are these routers connected to? You need not add any route on the firewall anyway. For example, if your IP pool is 10.1.1.x/24, you can either add a static route on routers A, B and C pointing to the firewall inside interface and then redistribute this route to downstream routers like Router D only, or advertise this network pool directly in the firewall's EIGRP network statements. This would make the routers learn the route through EIGRP and route the traffic back to the firewall for reverse routing...

Hope this helps. All the best,

Raj
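The two options Raj describes, written out as an added configuration example (not from the thread). It assumes the 10.1.1.0/24 pool from his reply, a shared VLAN 192.168.10.0/24 with the ASA inside interface at 192.168.10.1, and EIGRP AS 100; the ASA variant relies on reverse route injection so that a static route per connected client exists to redistribute, which is an assumption not stated in the thread.

```cisco
! --- Option 1: static route on routers A, B and C (IOS), then redistribute ---
! Assumed addressing: VPN pool 10.1.1.0/24, ASA inside interface 192.168.10.1,
! shared VLAN 192.168.10.0/24, EIGRP AS 100.
ip route 10.1.1.0 255.255.255.0 192.168.10.1
!
router eigrp 100
 network 192.168.10.0 0.0.0.255
 ! Hand the static pool route to downstream routers such as Router D.
 ! Default metric is required for a static route to enter EIGRP.
 redistribute static metric 10000 100 255 1 1500
!
! Verify on Router D that the pool now appears as an external EIGRP route (D EX):
!   show ip route 10.1.1.0 255.255.255.0

! --- Option 2: advertise the pool from the ASA itself ---
! The pool is not an interface subnet, so an EIGRP network statement alone
! will not pick it up; reverse route injection (assumed here) installs a
! static route for each connected client, and EIGRP redistributes those.
crypto dynamic-map DYNMAP 10 set reverse-route
!
router eigrp 100
 network 192.168.10.0 255.255.255.0
 redistribute static
!
! Verify on the ASA while a client is connected:
!   show route
! and on Router A that the client route arrives via EIGRP:
!   show ip route eigrp
```

With either option the check to make on Router D is that return traffic for the pool is forwarded to Router C and then to the firewall inside interface, not toward Router D's default route.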
