We have an ASA acting as our VPN concentrator. There are no L2L tunnels. All routing is done from an upstream router that this device sits behind. Currently the split tunnel works for all but one subnet the remote users are trying to hit. Here are relevant parts of the config:
 nameif inside
 security-level 100
 ip address 172.16.16.3 255.255.248.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 172.16.0.3 255.255.248.0

object network VPNpool
 range 172.16.17.240 172.16.17.249
 description VPNpool

access-list SPLIT standard permit 172.16.8.0 255.255.248.0
access-list SPLIT standard permit 172.20.0.0 255.255.248.0
access-list SPLIT standard permit 172.16.0.0 255.255.248.0
access-list SPLIT standard permit 172.22.0.0 255.255.248.0
access-list SPLIT standard permit 172.20.0.0 255.255.255.0
access-list SPLIT standard permit 172.16.16.0 255.255.248.0

nat (outside,outside) source static any any destination static VPNpool VPNpool no-proxy-arp

group-policy GroupPolicy_VPN internal
group-policy GroupPolicy_VPN attributes
 banner value This is for authorized users only.
 wins-server none
 dns-server value 172.20.0.135
 vpn-tunnel-protocol ssl-client ssl-clientless
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT
 default-domain value (removed)
 address-pools value VPNpool
 webvpn
  anyconnect ssl compression none
  anyconnect dtls compression none

S    172.16.17.244 255.255.255.255 [1/0] via 172.16.0.1, outside
C    172.16.16.0 255.255.248.0 is directly connected, inside
C    172.16.0.0 255.255.248.0 is directly connected, outside
S    172.20.0.0 255.255.248.0 [1/0] via 172.16.16.1, inside
S    172.22.0.0 255.255.248.0 [1/0] via 172.16.16.1, inside
S*   0.0.0.0 0.0.0.0 [1/0] via 172.16.0.1, outside
So when connected to the split tunnel I can hit machines on the following subnets: 172.16.16.0, 172.20.0.0, 172.22.0.0, but I'm unable to hit anything on 172.16.8.0. I'm not 100% sure the NAT statement is even in use, as there doesn't seem to be any translation actually going on. Is there something wrong with my config?
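A consistency check for the configuration posted above, as an added example that is not part of the original post: it takes each network in the SPLIT access-list, finds the longest-prefix route in the posted routing table that covers it, and reports the egress interface. The function names are this example's own, and the input is the ACL and route lines copied from the post.

```python
import ipaddress

# ACL and routing-table lines copied from the post above.
SPLIT_ACL = """\
access-list SPLIT standard permit 172.16.8.0 255.255.248.0
access-list SPLIT standard permit 172.20.0.0 255.255.248.0
access-list SPLIT standard permit 172.16.0.0 255.255.248.0
access-list SPLIT standard permit 172.22.0.0 255.255.248.0
access-list SPLIT standard permit 172.20.0.0 255.255.255.0
access-list SPLIT standard permit 172.16.16.0 255.255.248.0
"""
ROUTES = """\
S 172.16.17.244 255.255.255.255 [1/0] via 172.16.0.1, outside
C 172.16.16.0 255.255.248.0 is directly connected, inside
C 172.16.0.0 255.255.248.0 is directly connected, outside
S 172.20.0.0 255.255.248.0 [1/0] via 172.16.16.1, inside
S 172.22.0.0 255.255.248.0 [1/0] via 172.16.16.1, inside
S* 0.0.0.0 0.0.0.0 [1/0] via 172.16.0.1, outside
"""

def parse_acl(text):
    """Networks from 'access-list NAME standard permit <net> <mask>' lines."""
    rows = (l.split() for l in text.splitlines())
    return [ipaddress.ip_network(f"{f[4]}/{f[5]}") for f in rows
            if len(f) == 6 and f[2:4] == ["standard", "permit"]]

def parse_routes(text):
    """(network, interface) pairs; fields 1-2 are net/mask, the last is the interface."""
    rows = (l.replace(",", " ").split() for l in text.splitlines())
    return [(ipaddress.ip_network(f"{f[1]}/{f[2]}"), f[-1]) for f in rows if len(f) >= 4]

def audit(acl_text=SPLIT_ACL, route_text=ROUTES):
    """Map each split-tunnel network to (best covering route, interface, default_only)."""
    routes = parse_routes(route_text)
    result = {}
    for net in parse_acl(acl_text):
        # Longest-prefix match among routes that cover the whole network.
        covering = [(r, ifc) for r, ifc in routes if net.subnet_of(r)]
        if not covering:
            result[str(net)] = (None, None, False)
            continue
        r, ifc = max(covering, key=lambda x: x[0].prefixlen)
        result[str(net)] = (str(r), ifc, r.prefixlen == 0)
    return result

if __name__ == "__main__":
    for net, (route, ifc, default_only) in audit().items():
        print(net, "->", route, ifc, "(default route only)" if default_only else "")
```

On the posted data, 172.16.8.0/21 is the only split-tunnel network covered by nothing more specific than the default route via outside, while 172.20.0.0 and 172.22.0.0 have static routes via inside.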