VPN connected but can't access Corporate network

sadler.darla · ‎03-16-2010

My VPN is connected but I cannot seem to access anything on the Corporate network.

It's as if there is no route back through the tunnel.

From the Client VPN log:

The Virtual Adapter was enabled:

IP=192.168.245.2/255.255.255.0

DNS=208.163.60.10,0.0.0.0

WINS=0.0.0.0,0.0.0.0

Domain=

Split DNS Names=

163 20:28:35.991 03/15/10 Sev=Info/4 CM/0x63100038

Successfully saved route changes to file.

164 20:28:36.006 03/15/10 Sev=Info/5 CVPND/0x63400013

Destination Netmask Gateway Interface Metric

0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.198 25

67.113.19.206 255.255.255.255 192.168.1.1 192.168.1.198 100

127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 306

127.0.0.1 255.255.255.255 127.0.0.1 127.0.0.1 306

127.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 306

192.168.1.0 255.255.255.0 192.168.1.198 192.168.1.198 281

192.168.1.1 255.255.255.255 192.168.1.198 192.168.1.198 100

192.168.1.198 255.255.255.255 192.168.1.198 192.168.1.198 281

192.168.1.255 255.255.255.255 192.168.1.198 192.168.1.198 281

192.168.201.0 255.255.255.0 192.168.245.1 192.168.245.2 100

192.168.245.0 255.255.255.0 192.168.245.2 192.168.245.2 276

192.168.245.2 255.255.255.255 192.168.245.2 192.168.245.2 276

192.168.245.255 255.255.255.255 192.168.245.2 192.168.245.2 276

224.0.0.0 240.0.0.0 127.0.0.1 127.0.0.1 306

224.0.0.0 240.0.0.0 192.168.1.198 192.168.1.198 281

224.0.0.0 240.0.0.0 192.168.245.2 192.168.245.2 276

255.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 306

255.255.255.255 255.255.255.255 192.168.1.198 192.168.1.198 281

255.255.255.255 255.255.255.255 192.168.245.2 192.168.245.2 276

165 20:28:36.006 03/15/10 Sev=Info/6 CM/0x63100036

The routing table was updated for the Virtual Adapter

166 20:28:36.006 03/15/10 Sev=Info/4 CM/0x6310001A

One secure connection established

I cannot ping any server within the corporate network (192.168.201.0/24).

I'm not sure what to do to troubleshoot or fix.

Any suggestions?

-Darla

slmansfield · ‎03-16-2010

Is there a way for you to check to see if there's a route back through the tunnel?

Is the VPN central site device configured for NAT-T?

sadler.darla · ‎03-16-2010

NAT-T is enabled on the firewall (ASA5500).

I'm not sure how else to see if there is a route back to the corporate network. As I mentioned, I cannot ping anything inside the corporate network so that to me says there is no route back. Do you have another idea for testing this? tracert does not even give me one hop.

Thanks!

slmansfield · ‎03-16-2010

Can you ask someone with access to your corporate network to do a traceroute from one of the servers to your VPN IP address?

rowell.andal · ‎03-16-2010

Hi,

Do you have access to ASDM? If so, you might want to turn logging on to see what is happening. I had a similar issue when I had NAT-Control enabled and/or ip reverse-verify on my ASA. I turned those off for testing and I was able to access my corp net.