
Wireless users unable to access Internal Resources and Internet via VPN Client

Unanswered Question
May 21st, 2014

Hi Everyone,

 

I have an issue going on at our site.

When users connect to the WLC 2100, get an IP address, and use the Remote VPN client, they get connected to the VPN but are unable to access the internet sites and internal resources.

When the same users connect via wired LAN and connect to the VPN, they can access all the internet sites and resources.

Setup

AP----WLC -----connect to same Switch1---------ASA1---------LAN to LAN Tunnel-------ASA2---------ASA3----ASA4(VPN)------Internal LAN.

Where WLC default gateway is ASA1.

ASA1 is also providing DHCP to users both wired and wireless.

When the same users connect to the same Switch1 via a wired connection, they can connect to the ASA4 VPN and access the internet and internal sites.

When wireless users are connected to ASA4 (VPN), which uses full tunnel with no split tunnel, and I do an nslookup of, say, google.ca, I get the message: DNS request times out.

All firewalls do not show any error in log messages.

 

Does anyone have an idea how I can fix this issue?

Regards

MAhesh

ericgarnel Thu, 05/22/2014 - 07:47

The segment the internal services are on needs to be routable to/from the segment/scope given to your VPN users. You also need to make sure there are NAT rules for the VPN address scope/segment, as you are using full tunnel.

mahesh18 Wed, 06/04/2014 - 09:07

Issue is using IPsec over TCP; with IPsec over UDP all is good.

Regards

MAhesh

kaaftab Thu, 05/22/2014 - 10:42

This may also be due to the fact that your expected traffic is not being selected for tunneling. Just make sure about your ACLs and wireless configurations.
