VPN users can not access remote LAN when traffic is cutover to MPLS interfa
We have two offices one in San Jose and the other one in LA, the network is very simple, each office has a PIX 515 and has one L3 subnet directly attached to firewall's inside interface, the subnets are 192.168.1.0/24 and 192.168.2.0/24, respectively. Each firewall has two public IP addresses, one public address dedicated to Internet access and IPsec RA access, and the other public IP is dedicated for site2site VPN, the address pool for remote access VPN in SJ office is 10.10.10.0/24, while remote access pool in LA office is taken from 192.168.2.0/24 space. So everything worked fine, when employees VPN in to either firewall, they can access Email/files in either location.
We now decided to get rid of the site2site VPN and go with MPLS VPN service provided by ATT, the MPLS VPN service was attached to third interface (nameif MPLS) in firewall, we changed the static route on firewall such that traffic between two offices are routed to interface MPLS, the cutover is successful, means that hosts in both offices can communicate with each other fine.
The only problem is remote access users can only access servers in their local office but can not access servers (or ping) in remote office, I think somehow firewall does not route traffic coming from RA VPN to the new (MPLS) interface, but I can not figure out why is so, because the routing looks correct, and NAT translation also OK.
If you guys have any suggestions, please guide, I can post the relevant configuration if that helps.
Re: VPN users can not access remote LAN when traffic is cutover
Hi, configuration is attached, this is working configuration (before cut over) RA VPN traffic will come in from outside interface and route to site2site interface, the only change to make traffic cutover to mpls interface is replace "route site2site 192.168.20.0/24" with "route mpls 192.168.20.0/24"
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...