01-05-2009 05:48 AM
Hello,
We are setting up remote VPN access for our users. Setup as below:
Server -> L3 switch -> ASA - Internet - RA client
Sorry, I don't have a diagram now. Attached the ASA config.
2 VLANs configured for desktop and switch in L3 switch.
Desktop: 172.16.33.x and server: 172.16.32.x
Remote vpn clients need to access the servers.
ASA inside IP: 172.16.33.1
VPN is successfully getting established, but
remote clients are not able to access the servers. Attached the ASA config. Please help.
01-05-2009 06:45 AM
Add the below:-
access-list inside_nat0_outbound extended permit ip 172.16.32.0 255.255.255.0 172.16.15.0 255.255.255.192
HTH>
01-06-2009 11:12 PM
Andrew,
Thanks for the response. I have got an update on the issue from the site, not sure why this happens.
The Cisco VPN client has obtained an IP address from the VPN pool (e.g. 172.16.15.2). We are not able to access 172.16.32.x
But from a desktop inside the network (172.16.33.x), ping the above VPN IP address. At this point the VPN client will be able to ping the inside network (172.16.32.x and 172.16.33.x), and any connection is then allowed from the VPN client, such as RDP.
Not sure why we have to ping the VPN client IP address from the inside network to initiate the communication. Any idea?
01-07-2009 01:40 AM
I have seen this kind of issue before, these were the reasons:-
1) The VPN pool was a subset of a physical IP address subnet - solution, allocate a full class C to the VPN pool.
2) The VPN pool was a small subnet of addresses - solution, allocate a full class C to the VPN pool.
3) Routing, there is a possibility there is a routing issue with the VPN pool - solution, check routing.
HTH>
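
The NAT-exemption entry from the first reply and the pool-overlap cause from the last reply can both be checked offline against a saved config. This is an added example, not code from anyone in the thread; the /24 inside masks, the 172.16.33.0 ACL entry and the 172.16.33.192/26 pool are assumptions constructed for illustration.

```python
import ipaddress

# Constructed running-config fragments. Only the 172.16.32.0 line is quoted
# from the thread; the 172.16.33.0 line is an assumed pre-existing entry.
BEFORE = """\
access-list inside_nat0_outbound extended permit ip 172.16.33.0 255.255.255.0 172.16.15.0 255.255.255.192
"""
AFTER = BEFORE + """\
access-list inside_nat0_outbound extended permit ip 172.16.32.0 255.255.255.0 172.16.15.0 255.255.255.192
"""
INSIDE = ["172.16.32.0/24", "172.16.33.0/24"]  # /24 masks are assumed


def parse_acl(config, acl_name):
    """Return (source, destination) networks for 'permit ip net mask net mask' lines."""
    pairs = []
    for line in config.splitlines():
        tok = line.split()
        # Entries using 'any', 'host' or object-groups are skipped, not interpreted.
        if len(tok) == 9 and tok[:5] == ["access-list", acl_name, "extended", "permit", "ip"]:
            pairs.append((ipaddress.ip_network(f"{tok[5]}/{tok[6]}"),
                          ipaddress.ip_network(f"{tok[7]}/{tok[8]}")))
    return pairs


def audit(config, pool, inside=INSIDE, acl_name="inside_nat0_outbound"):
    """List problems with a VPN pool: overlap with inside subnets, missing NAT exemption."""
    pool = ipaddress.ip_network(pool)
    nets = [ipaddress.ip_network(n) for n in inside]
    findings = [f"pool {pool} overlaps inside subnet {n}" for n in nets if pool.overlaps(n)]
    pairs = parse_acl(config, acl_name)
    for n in nets:
        # Traffic from n to the pool must match an exemption entry in full.
        if not any(n.subnet_of(src) and pool.subnet_of(dst) for src, dst in pairs):
            findings.append(f"no NAT exemption from {n} to pool {pool}")
    return findings


if __name__ == "__main__":
    for label, cfg, pool in [("before", BEFORE, "172.16.15.0/26"),
                             ("after", AFTER, "172.16.15.0/26"),
                             ("pool inside desktop VLAN", AFTER, "172.16.33.192/26")]:
        print(label, audit(cfg, pool) or "OK")
```

The routing cause from the last reply is not covered here; that still needs a check on the L3 switch for a route to the pool via the ASA inside address.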