Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Remote vpn clients cannot access internal gateway

We have an ASA 5510 which has remote VPN clients, tunneling over IPSEC/L2TP using the cisco client, unable to access a remote network. Crude diagram attached, sorry I don't have visio :(

What's happening is that the RA clients have their 192.168.1.x address that they get from their local wireless router at home, then the ASA Cisco vpn connection gives them an IP of 10.1.210.x, which they can access the entire corporate network fine...

The problem is that they cannot access the router for our remote network hosing our ERP system, which has a router gateway address of 10.1.200.247. Clients in the corporate office can access the router fine as we use static routes on machines we want to have access this erp system...

Persistent Routes:

Network Address Netmask Gateway Address Metric

66.248.225.128 255.255.255.192 10.1.200.247 1

66.248.227.0 255.255.255.128 10.1.200.247 1

The Remote access clients can't use this static route because they have a 192.168.x.x address... So I tried editing the policy of the VPN connection and added the network to the split tunnel networks, but they still cannot access the router...

Now it could be that the router to the ERP system only allows traffic from the 10.1.200.x network and not the 10.1.210.x network, but I'm not sure if the ASA is forwarding the traffic to the router as a 10.1.200.x address or a .210.x address...

should I focus on the remote router configuration? Or am I missing something? Thanks for any help!

1 REPLY

Re: Remote vpn clients cannot access internal gateway

Roger,

This could be as simple as a basic routing issue. Can you confirm the below:-

1) The 10.1.200.247 is part of the no-nat group of traffic for the RA clients.

2) The` device 10.1.200.247 knows how to route to the 10.1.210.0/24 subnet.

HTH>

365
Views
0
Helpful
1
Replies
CreatePlease to create content