02-08-2014 04:20 PM
I am unable to figure out why I can't access other VLAN interfaces when I VPN into the ASA. I use 192.168.26.x as the main network. I can ping and RDP into that network; however, I cannot access anything on 192.168.20.x, 21.x, or 22.x. I can, however, access them all internally, just not externally from the VPN. Any help would be appreciated. Here is my Show Run
02-09-2014 04:33 AM
Hi,
Seems to me that you are using Split Tunnel VPN which essentially means that you select the networks to which traffic from the VPN Client is tunneled through your Split Tunnel ACL configuration.
So far you have only tunneled a single internal network (the one that works) and you would need to add these configurations
access-list electroremote_splitTunnelAcl standard permit 192.168.20.0 255.255.255.0
access-list electroremote_splitTunnelAcl standard permit 192.168.21.0 255.255.255.0
access-list electroremote_splitTunnelAcl standard permit 192.168.22.0 255.255.255.0
You will naturally also need a NAT0 configuration for each of these networks
For example
object network VPN-POOL
 subnet 192.168.12.0 255.255.255.0
nat (BLDG-A,outside) 1 source static BLDG-A BLDG-A destination static VPN-POOL VPN-POOL
nat (BLDG-B,outside) 2 source static BLDG-B BLDG-B destination static VPN-POOL VPN-POOL
nat (BLDG-C,outside) 3 source static BLDG-C BLDG-C destination static VPN-POOL VPN-POOL
Let me know if it works for you
Please do remember to mark a reply as the correct answer if it answered your question.
- Jouni
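The two requirements in the answer above (a split-tunnel ACL entry and a NAT exemption toward the VPN pool for every internal network) can be checked against a saved configuration. This is an added example, not part of the original thread; the sample config is constructed, and the BLDG-A/B/C object definitions and the `audit` and `parse_objects` helpers are assumptions for illustration.

```python
import ipaddress
import re

# Constructed sample config (not the poster's real "show run"). The BLDG-*
# object-to-subnet mapping is assumed; the thread does not show it.
SAMPLE_CONFIG = """\
object network VPN-POOL
 subnet 192.168.12.0 255.255.255.0
object network BLDG-A
 subnet 192.168.20.0 255.255.255.0
object network BLDG-B
 subnet 192.168.21.0 255.255.255.0
object network BLDG-C
 subnet 192.168.22.0 255.255.255.0
access-list electroremote_splitTunnelAcl standard permit 192.168.26.0 255.255.255.0
access-list electroremote_splitTunnelAcl standard permit 192.168.20.0 255.255.255.0
access-list electroremote_splitTunnelAcl standard permit 192.168.21.0 255.255.255.0
nat (BLDG-A,outside) 1 source static BLDG-A BLDG-A destination static VPN-POOL VPN-POOL
"""

def parse_objects(config):
    """Map each 'object network' name to the subnet on its indented line."""
    objects, current = {}, None
    for line in config.splitlines():
        m = re.match(r"object network (\S+)", line)
        if m:
            current = m.group(1)
            continue
        m = re.match(r"\s+subnet (\S+) (\S+)", line)
        if m and current:
            objects[current] = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
    return objects

def audit(config, acl_name, pool_name, wanted):
    """Return {subnet: [missing pieces]} for subnets VPN clients must reach."""
    objects = parse_objects(config)
    # Only the "permit <network> <mask>" form of a standard ACL is handled.
    tunneled = [ipaddress.ip_network(f"{n}/{m}") for n, m in re.findall(
        rf"^access-list {re.escape(acl_name)} standard permit (\d\S*) (\d\S*)$", config, re.M)]
    # Identity twice-NAT: source maps to itself, destination is the VPN pool.
    exempt = [objects[src] for src, dst in re.findall(
        r"^nat \(\S+\) (?:\d+ )?source static (\S+) \1 destination static (\S+) \2", config, re.M)
        if dst == pool_name and src in objects]
    report = {}
    for net in map(ipaddress.ip_network, wanted):
        missing = []
        if not any(net.subnet_of(t) for t in tunneled):
            missing.append("split-tunnel ACL")
        if not any(net.subnet_of(e) for e in exempt):
            missing.append("NAT exemption")
        if missing:
            report[str(net)] = missing
    return report
```

Run against the constructed sample, it reports that 192.168.21.0/24 is tunneled but lacks a NAT exemption, and that 192.168.22.0/24 lacks both.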
02-09-2014 01:36 PM
That worked! Thank you!!