03-16-2010 11:40 AM
My VPN is connected but I cannot seem to access anything on the Corporate network.
It's as if there is no route back through the tunnel.
From the Client VPN log:
The Virtual Adapter was enabled:
IP=192.168.245.2/255.255.255.0
DNS=208.163.60.10,0.0.0.0
WINS=0.0.0.0,0.0.0.0
Domain=
Split DNS Names=
163 20:28:35.991 03/15/10 Sev=Info/4 CM/0x63100038
Successfully saved route changes to file.
164 20:28:36.006 03/15/10 Sev=Info/5 CVPND/0x63400013
Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.198 25
67.113.19.206 255.255.255.255 192.168.1.1 192.168.1.198 100
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 306
127.0.0.1 255.255.255.255 127.0.0.1 127.0.0.1 306
127.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 306
192.168.1.0 255.255.255.0 192.168.1.198 192.168.1.198 281
192.168.1.1 255.255.255.255 192.168.1.198 192.168.1.198 100
192.168.1.198 255.255.255.255 192.168.1.198 192.168.1.198 281
192.168.1.255 255.255.255.255 192.168.1.198 192.168.1.198 281
192.168.201.0 255.255.255.0 192.168.245.1 192.168.245.2 100
192.168.245.0 255.255.255.0 192.168.245.2 192.168.245.2 276
192.168.245.2 255.255.255.255 192.168.245.2 192.168.245.2 276
192.168.245.255 255.255.255.255 192.168.245.2 192.168.245.2 276
224.0.0.0 240.0.0.0 127.0.0.1 127.0.0.1 306
224.0.0.0 240.0.0.0 192.168.1.198 192.168.1.198 281
224.0.0.0 240.0.0.0 192.168.245.2 192.168.245.2 276
255.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 306
255.255.255.255 255.255.255.255 192.168.1.198 192.168.1.198 281
255.255.255.255 255.255.255.255 192.168.245.2 192.168.245.2 276
165 20:28:36.006 03/15/10 Sev=Info/6 CM/0x63100036
The routing table was updated for the Virtual Adapter
166 20:28:36.006 03/15/10 Sev=Info/4 CM/0x6310001A
One secure connection established
I cannot ping any server within the corporate network (192.168.201.0/24).
I'm not sure what to do to troubleshoot or fix.
Any suggestions?
-Darla
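The client-side half of the "is there a route through the tunnel" question can be answered from the routing table in the log above. This is an added example, not part of the original post: it parses a subset of the logged rows and applies longest-prefix matching (lowest metric as tie-break) to see which interface a corporate address would leave through. The host addresses 192.168.201.10 and 198.51.100.7 are constructed test values.

```python
import ipaddress

# Rows copied from the client log above: Destination Netmask Gateway Interface Metric
ROUTE_LOG = """\
Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.198 25
67.113.19.206 255.255.255.255 192.168.1.1 192.168.1.198 100
192.168.1.0 255.255.255.0 192.168.1.198 192.168.1.198 281
192.168.201.0 255.255.255.0 192.168.245.1 192.168.245.2 100
192.168.245.0 255.255.255.0 192.168.245.2 192.168.245.2 276
"""
VIRTUAL_ADAPTER = "192.168.245.2"  # IP= value the log reports for the Virtual Adapter


def parse_routes(text):
    """Turn route rows into dicts, skipping the header and malformed lines."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        dest, mask, gateway, iface, metric = parts
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
            routes.append({"net": net, "gateway": gateway,
                           "interface": iface, "metric": int(metric)})
        except ValueError:
            continue  # header row or garbled line
    return routes


def lookup(routes, addr):
    """Select the matching route: longest prefix first, then lowest metric."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in routes if ip in r["net"]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r["net"].prefixlen, -r["metric"]))


def uses_tunnel(routes, addr):
    """True when traffic to addr leaves through the VPN virtual adapter."""
    route = lookup(routes, addr)
    return route is not None and route["interface"] == VIRTUAL_ADAPTER


if __name__ == "__main__":
    table = parse_routes(ROUTE_LOG)
    # 192.168.201.10 and 198.51.100.7 are constructed test addresses
    for host in ("192.168.201.10", "198.51.100.7"):
        print(host, "->", lookup(table, host)["interface"], uses_tunnel(table, host))
```

With the logged table, the corporate subnet resolves to the virtual adapter, so the outbound route on the client is present and the return path on the central-site side is the part still unverified.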
03-16-2010 11:56 AM
Is there a way for you to check to see if there's a route back through the tunnel?
Is the VPN central site device configured for NAT-T?
03-16-2010 12:37 PM
NAT-T is enabled on the firewall (ASA5500).
I'm not sure how else to see if there is a route back to the corporate network. As I mentioned, I cannot ping anything inside the corporate network so that to me says there is no route back. Do you have another idea for testing this? tracert does not even give me one hop.
Thanks!
03-16-2010 12:57 PM
Can you ask someone with access to your corporate network to do a traceroute from one of the servers to your VPN IP address?
03-16-2010 11:04 PM
Hi,
Do you have access to ASDM? If so, you might want to turn logging on to see what is happening. I had a similar issue when I had NAT-Control enabled and/or ip reverse-verify on my ASA. I turned those off for testing and I was able to access my corp net.