308 Views | 0 Helpful | 2 Replies

ASA 5505 VPN VLAN Issue.

Dan Poynter
Level 1

I am unable to figure out why I can't access other VLAN interfaces when I VPN into the ASA. I use 192.168.26.x as the main network. I can ping and RDP into that network; however, I cannot access anything on 192.168.20.x, 21.x, or 22.x. I can access them all internally, just not externally from the VPN. Any help would be appreciated. Here is my show run:

Accepted Solution

Jouni Forss
VIP Alumni

Hi,

Seems to me that you are using Split Tunnel VPN which essentially means that you select the networks to which traffic from the VPN Client is tunneled through your Split Tunnel ACL configuration.

So far you have only tunneled a single internal network (the one that works) and you would need to add these configurations

access-list electroremote_splitTunnelAcl standard permit 192.168.20.0 255.255.255.0
access-list electroremote_splitTunnelAcl standard permit 192.168.21.0 255.255.255.0
access-list electroremote_splitTunnelAcl standard permit 192.168.22.0 255.255.255.0

You will naturally also need a NAT0 configuration for each of these networks

For example

object network VPN-POOL
 subnet 192.168.12.0 255.255.255.0
nat (BLDG-A,outside) 1 source static BLDG-A BLDG-A destination static VPN-POOL VPN-POOL
nat (BLDG-B,outside) 2 source static BLDG-B BLDG-B destination static VPN-POOL VPN-POOL
nat (BLDG-C,outside) 3 source static BLDG-C BLDG-C destination static VPN-POOL VPN-POOL

Let me know if it works for you

Please do remember to mark a reply as the correct answer if it answered your question.

- Jouni

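As an added example (not part of the original thread, and not Jouni's or the poster's configuration), the script below audits an ASA 8.3+ "show run" for exactly the two things the answer above calls out: for every inside interface network it reports whether the network is listed in the split-tunnel ACL that the group-policy references, and whether an identity twice-NAT (NAT0) rule exempts it toward the VPN address pool. The embedded config is constructed for illustration; the names electroremote, BLDG-A/B/C, VPN-POOL and INSIDE-NET, the VLAN numbers and the pool range are assumptions, and the poster's real show run is not on the page. In the sample, 192.168.21.0/24 has a NAT exemption but no split-tunnel entry, and 192.168.22.0/24 has neither, which is the shape of the original problem.

```python
"""Audit an ASA 8.3+ running-config for remote-access VPN reachability gaps.

For each inside interface network, check (a) membership in the split-tunnel
ACL referenced by the group-policy and (b) coverage by an identity twice-NAT
rule (source static X X destination static POOL POOL) toward the VPN pool.
"""
import ipaddress
import re

# Constructed sample config (hypothetical names and addresses; not the
# poster's actual 'show run', which is not reproduced on the page).
SAMPLE_CONFIG = """\
interface Vlan1
 nameif inside
 ip address 192.168.26.1 255.255.255.0
interface Vlan2
 nameif outside
 ip address 203.0.113.2 255.255.255.248
interface Vlan20
 nameif BLDG-A
 ip address 192.168.20.1 255.255.255.0
interface Vlan21
 nameif BLDG-B
 ip address 192.168.21.1 255.255.255.0
interface Vlan22
 nameif BLDG-C
 ip address 192.168.22.1 255.255.255.0
object network VPN-POOL
 subnet 192.168.12.0 255.255.255.0
object network INSIDE-NET
 subnet 192.168.26.0 255.255.255.0
object network BLDG-A
 subnet 192.168.20.0 255.255.255.0
object network BLDG-B
 subnet 192.168.21.0 255.255.255.0
access-list electroremote_splitTunnelAcl standard permit 192.168.26.0 255.255.255.0
access-list electroremote_splitTunnelAcl standard permit 192.168.20.0 255.255.255.0
nat (inside,outside) source static INSIDE-NET INSIDE-NET destination static VPN-POOL VPN-POOL
nat (BLDG-A,outside) 1 source static BLDG-A BLDG-A destination static VPN-POOL VPN-POOL
nat (BLDG-B,outside) 2 source static BLDG-B BLDG-B destination static VPN-POOL VPN-POOL
ip local pool VPN-POOL 192.168.12.10-192.168.12.50 mask 255.255.255.0
group-policy electroremote attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value electroremote_splitTunnelAcl
"""

NAT_RE = re.compile(
    r"^nat \((\S+),\S+\)(?: \d+)? source static (\S+) (\S+) destination static (\S+) (\S+)",
    re.M,
)


def _net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def parse_interfaces(cfg):
    """Map nameif -> connected network from interface/nameif/ip address stanzas."""
    nets, name = {}, None
    for line in cfg.splitlines():
        if line.startswith("interface "):
            name = None
        elif (m := re.match(r"\s+nameif (\S+)", line)):
            name = m.group(1)
        elif (m := re.match(r"\s+ip address (\S+) (\S+)", line)) and name:
            nets[name] = _net(m.group(1), m.group(2))
    return nets


def parse_objects(cfg):
    """Map 'object network' names to their subnet/host networks."""
    objs, cur = {}, None
    for line in cfg.splitlines():
        if (m := re.match(r"object network (\S+)", line)):
            cur = m.group(1)
        elif (m := re.match(r"\s+subnet (\S+) (\S+)", line)) and cur:
            objs[cur] = _net(m.group(1), m.group(2))
        elif (m := re.match(r"\s+host (\S+)", line)) and cur:
            objs[cur] = ipaddress.ip_network(m.group(1))
        elif not line.startswith(" "):
            cur = None  # left the object stanza
    return objs


def split_tunnel_networks(cfg):
    """Networks permitted by the standard ACL the group-policy hands to clients."""
    m = re.search(r"split-tunnel-network-list value (\S+)", cfg)
    if not m:
        return set()  # no split tunnel list: nothing is explicitly tunneled
    acl = re.escape(m.group(1))
    pat = rf"^access-list {acl} standard permit (\S+) (\S+)"
    return {_net(a, mk) for a, mk in re.findall(pat, cfg, re.M)}


def pool_network(cfg):
    """Network containing the 'ip local pool' handed to VPN clients."""
    m = re.search(r"^ip local pool \S+ (\S+)-\S+ mask (\S+)", cfg, re.M)
    return _net(m.group(1), m.group(2)) if m else None


def nat_exempt_networks(cfg, objs, pool):
    """Source networks of identity twice-NAT rules whose destination covers the pool."""
    exempt = set()
    for _ifname, sr, sm, dr, dm in NAT_RE.findall(cfg):
        if sr != sm or dr != dm:
            continue  # translates something, so it is not a NAT exemption
        src, dst = objs.get(sr), objs.get(dr)
        if src is not None and dst is not None and pool is not None and pool.subnet_of(dst):
            exempt.add(src)
    return exempt


def audit(cfg):
    """Per inside network: interface name plus the two reachability conditions."""
    nets, objs, pool = parse_interfaces(cfg), parse_objects(cfg), pool_network(cfg)
    tunneled, exempt = split_tunnel_networks(cfg), nat_exempt_networks(cfg, objs, pool)
    return {
        str(net): {
            "interface": ifname,
            "split_tunnel": any(net.subnet_of(t) for t in tunneled),
            "nat_exempt": any(net.subnet_of(e) for e in exempt),
        }
        for ifname, net in nets.items() if ifname != "outside"
    }


def missing(cfg):
    """Networks a VPN client cannot reach, with the condition(s) each one lacks."""
    return {
        net: [k for k in ("split_tunnel", "nat_exempt") if not v[k]]
        for net, v in audit(cfg).items() if not (v["split_tunnel"] and v["nat_exempt"])
    }


if __name__ == "__main__":
    for net, gaps in missing(SAMPLE_CONFIG).items():
        print(f"{net}: missing {', '.join(gaps)}")
```

Run it against a saved "show run" by reading the file into audit() instead of SAMPLE_CONFIG; both conditions must hold for a network before a client on the pool can reach it, so a network reported with only one gap still fails end to end.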

That worked! Thank you!!