
Remote access vpn in ASA 5505

gandhi.ganesh
Level 1

Hi,

We have a LAN-to-LAN VPN from our office to the head office in the US. We have servers in the US located in the DMZ, i.e. database and web hosting. We have also enabled remote access VPN for our clients who want to access these servers. When they are connected to the remote access VPN, their local LAN gets disconnected. I tested from our office and got the same issue using remote access VPN. I am attaching the configuration file of the firewall in the US.

Accepted Solutions

Just remove existing and add the following:

1. access-list testingKowa_splitTunnelAcl extended permit ip (your server ip and mask) 192.168.1.0 255.255.255.0

2. Call this ACL in your active group policy:

split-tunnel-policy tunnelspecified
split-tunnel-network-list value testingKowa_splitTunnelAcl

3. group-policy CiscoASA attributes

no dns-server value 202.138.96.2 202.138.96.100


JORGE RODRIGUEZ
Level 10

Go over this link for local lan access while VPNing.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080702992.shtml

HTH

-Jorge

Jorge Rodriguez

Hi Jorge,

First, thanks.

I am able to access the local LAN, i.e. printing, using the link you have given,

but I am not able to access the internet. I think that, to go to the internet, it is not able to understand which default gateway it should use.

I want both to work.

Please find the latest FW configuration.

Dear,

Just remove "any" from your split tunnel ACL, mention your secure networks, and then call it in the group policy with the tunnelspecified option.

2. Remove dns-server value 202.138.96.2 202.138.96.100.

Regards,

Hi,

Can you please explain in brief? I am not getting it.

Just remove existing and add the following:

1. access-list testingKowa_splitTunnelAcl extended permit ip (your server ip and mask) 192.168.1.0 255.255.255.0

2. Call this ACL in your active group policy:

split-tunnel-policy tunnelspecified
split-tunnel-network-list value testingKowa_splitTunnelAcl

3. group-policy CiscoASA attributes

no dns-server value 202.138.96.2 202.138.96.100

Local LAN IP: 192.168.130.0/24

VPN pool IP: 192.168.1.0/24

Will there be any impact if I use no dns-server value 202.138.96.2 202.138.96.100?

Because I am accessing the FW through the L2L VPN.

OK, just do it without removing DNS.

I tried. The internet is working but my local LAN is not working. I want both to work simultaneously.

Please find the testing snapshot.

I think under secured routes I should get 192.168.1.0/24 and under local LAN access 192.168.130.0/24; then both might work.

Hi,

My problem got resolved, and thanks to all who supported me in fixing this. Below are the changes I made:

1. access-list Bangalore-Lan standard permit 0.0.0.0 255.0.0.0

2. I didn't remove the DNS settings
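
Added example, not part of the original thread: a small Python model of how a remote access client chooses between the tunnel and its local interface under the ASA's three `split-tunnel-policy` values, using the local LAN from the thread. The DMZ server subnet `10.10.10.0/24` and the probe addresses are constructed placeholders, since the thread never states them.

```python
import ipaddress

# LOCAL_LAN is taken from the thread. SERVER_NET is an assumed placeholder:
# the thread only says "(your server ip and mask)".
LOCAL_LAN = ipaddress.ip_network("192.168.130.0/24")
SERVER_NET = ipaddress.ip_network("10.10.10.0/24")

# Constructed probe destinations (203.0.113.0/24 is a documentation range).
PROBES = {
    "dmz_server": "10.10.10.5",
    "lan_printer": "192.168.130.20",
    "internet": "203.0.113.10",
}


def egress(policy, network_list, dst):
    """Return 'tunnel' or 'local' for one destination address.

    policy       -- value of split-tunnel-policy in the group policy
    network_list -- networks matched by the split-tunnel-network-list ACL
    """
    addr = ipaddress.ip_address(dst)
    listed = any(addr in net for net in network_list)
    if policy == "tunnelall":
        return "tunnel"  # every packet is sent to the ASA
    if policy == "tunnelspecified":
        return "tunnel" if listed else "local"
    if policy == "excludespecified":
        return "local" if listed else "tunnel"
    raise ValueError(f"unknown split-tunnel-policy: {policy}")


def summarize(policy, network_list):
    """Map each probe name to the path its traffic takes."""
    return {name: egress(policy, network_list, ip) for name, ip in PROBES.items()}


if __name__ == "__main__":
    cases = [
        ("tunnelall", []),                  # symptom in the first post
        ("excludespecified", [LOCAL_LAN]),  # local LAN access only
        ("tunnelspecified", [SERVER_NET]),  # only the servers are tunneled
    ]
    for policy, nets in cases:
        print(f"{policy:17} {summarize(policy, nets)}")
```

Traffic marked `tunnel` is only delivered to the ASA; whether it then reaches its destination depends on the ASA's own routing and NAT, which this model does not cover.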
