
RA clients not able to access

senthuran
Level 1

Hello,

We are setting up remote VPN access for our users. Setup as below:

Server -> L3 switch -> ASA - Internet - RA client

Sorry, I don't have a diagram now. Attached the ASA config.

2 VLANs configured for desktop and switch in L3 switch.

Desktop: 172.16.33.x and server: 172.16.32.x

Remote VPN clients need to access the servers.

ASA inside IP: 172.16.33.1

VPN is successfully getting established, but

remote clients are not able to access the servers. Attached the ASA config. Please help.

3 Replies

andrew.prince
Level 10

Add the below:-

access-list inside_nat0_outbound extended permit ip 172.16.32.0 255.255.255.0 172.16.15.0 255.255.255.192

HTH>

Andrew,

Thanks for the response. I have got an update on the issue from the site; not sure why this happens.

The Cisco VPN client has obtained an IP address from the VPN pool (e.g. 172.16.15.2). We are not able to access 172.16.32.x.

But from a desktop inside the network (172.16.33.x), ping the above VPN IP address. At this point the VPN client will be able to ping the inside network (172.16.32.x and 172.16.33.x), and any connection is then allowed from the VPN client, such as RDP.

Not sure why we have to ping the VPN client IP address from the inside network to initiate the communication. Any idea?

I have seen this kind of issue before, these were the reasons:-

1) The VPN pool was a subset of a physical IP address subnet - solution, allocate a full class C to the VPN pool.

2) The VPN pool was a small subnet of addresses - solution, allocate a full class C to the VPN pool.

3) Routing, there is a possibility there is a routing issue with the VPN pool - solution check routing.

HTH>
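
An added example, not part of the thread and not Cisco tooling: a Python check that ties together the two points raised in the replies, namely which inside subnets the NAT-exemption ACL covers towards the VPN pool, and whether the pool overlaps an inside subnet. The /24 masks for 172.16.32.x and 172.16.33.x and the use of 172.16.15.0/26 as the pool are assumptions taken from the addresses quoted above; the sample config holds only the one ACL line shown in the thread, since the attached ASA config is not on the page.

```python
import ipaddress

# Constructed sample: only the ACL line suggested in the thread.
SAMPLE_ACL = """\
access-list inside_nat0_outbound extended permit ip 172.16.32.0 255.255.255.0 172.16.15.0 255.255.255.192
"""
INSIDE_SUBNETS = ["172.16.32.0/24", "172.16.33.0/24"]  # assumed /24 masks
VPN_POOL = "172.16.15.0/26"  # assumed from the ACL destination in the thread


def parse_nat0(config, acl_name):
    """Return (source, destination) networks for each 'permit ip' entry.

    Handles only the 'permit ip NET MASK NET MASK' form; entries using
    'any', 'host' or object-groups are skipped.
    """
    pairs = []
    for line in config.splitlines():
        tok = line.split()
        if len(tok) != 9 or tok[:2] != ["access-list", acl_name]:
            continue
        if tok[2:5] != ["extended", "permit", "ip"]:
            continue
        src = ipaddress.ip_network(f"{tok[5]}/{tok[6]}")
        dst = ipaddress.ip_network(f"{tok[7]}/{tok[8]}")
        pairs.append((src, dst))
    return pairs


def audit(config, acl_name, inside_subnets, vpn_pool):
    """List pool overlaps and inside subnets with no exemption to the pool."""
    pool = ipaddress.ip_network(vpn_pool)
    pairs = parse_nat0(config, acl_name)
    findings = []
    for text in inside_subnets:
        net = ipaddress.ip_network(text)
        if net.overlaps(pool):
            findings.append(f"pool {pool} overlaps inside subnet {net}")
        # Covered when one entry's source contains the subnet and its
        # destination contains the whole pool.
        if not any(net.subnet_of(s) and pool.subnet_of(d) for s, d in pairs):
            findings.append(f"no NAT exemption from {net} to {pool}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_ACL, "inside_nat0_outbound", INSIDE_SUBNETS, VPN_POOL):
        print(finding)
```

Run against the full ASA configuration rather than the single sample line, the same check shows whether each inside subnet already has an exemption entry for the pool.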
