We are starting to experience more and more issues with remote sites (mostly hotels) that are using a similar local subnet scheme as we are on a local network.
For example, we are a 10.1.x.x 255.255.255.0 network, with various VLANs set up using the third octet. Several hotels are using the 10.1.x.x 255.255.0.0 scheme.
When our remote people connect to the 3005 using any client (Microsoft PPTP or the Cisco client) they are having trouble connecting to any traffic that is on the remote 10.1.x.x 255.255.255.0 network.
My suspicion is that the route it is using is the route with the shorter mask applied, which is the class B assigned from the hotel, therefore it is looking on its local network for addresses that are actually remote. I hope I have explained this so it's understandable.
Anyone have this issue, or know of a dynamic workaround?
We had that problem with our remote users and when we had the opportunity (rolled out Cisco VoIP) we readdressed our networks to a 172.2x.x.x. We knew this was a large undertaking but it was necessary. Through our experience we never saw a hotel or home network with a class B private network. Always 192.168.x.x or 10.x.x.x. That alone solved a lot of issues for us.
You mentioned that upgrading your clients to 4.7 fixed the problem...was there a feature in 4.7 that you had to enable or did you change how you summarized the encryption domain on the concentrator? Anything that you could share with me would be much appreciated.
The example is a bit different, but the same could be accomplished in one direction using NAT to translate the internal subnet to something else when VPN users connect. The trick would be to also have a separate DNS server for your VPN users so they could still get to resources by the same names they typically use.
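A small model of the addressing conflict discussed in this thread, added here as an example and not code from any poster or from Cisco: it flags corporate subnets that overlap the client's local LAN and shows which interface a generic longest-prefix-then-metric route lookup picks when the tunnel routes are summarized versus pushed per VLAN. The specific prefixes, interface names and metrics are constructed assumptions, and a real VPN client may manage the route table differently.

```python
import ipaddress

# Constructed sample values: the thread only gives 10.1.x.x with /24 and /16 masks.
HOTEL_LAN = "10.1.0.0/16"
CORP_VLANS = ["10.1.10.0/24", "10.1.20.0/24"]


def overlapping(local_net, protected_nets):
    """Return the protected (corporate) networks that overlap the client's LAN."""
    local = ipaddress.ip_network(local_net)
    return [n for n in protected_nets if ipaddress.ip_network(n).overlaps(local)]


def client_table(tunnel_prefixes, local_net=HOTEL_LAN):
    """Build a client route table: the on-link LAN route plus tunnel routes.

    Each entry is (prefix, interface, metric). Metrics are assumed values;
    the connected LAN route is given the lower (preferred) metric.
    """
    table = [(local_net, "lan", 10)]
    table += [(p, "vpn", 20) for p in tunnel_prefixes]
    return table


def select_route(dest, routes):
    """Generic host route selection: longest prefix wins, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    matches = [(ipaddress.ip_network(p), ifc, metric)
               for p, ifc, metric in routes
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    net, ifc, _ = max(matches, key=lambda r: (r[0].prefixlen, -r[2]))
    return ifc, str(net)


if __name__ == "__main__":
    print("overlapping corporate subnets:", overlapping(HOTEL_LAN, CORP_VLANS))
    server = "10.1.10.25"  # constructed corporate host address
    cases = [("summarized /16", ["10.1.0.0/16"]), ("per-VLAN /24s", CORP_VLANS)]
    for label, prefixes in cases:
        print(label, "->", select_route(server, client_table(prefixes)))
```

Running the overlap check against the client's current LAN before the tunnel comes up gives the help desk a concrete reason for a failed connection instead of a silent timeout.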