ASA 5505 VPN VLAN Issue.

I am unable to figure out why I can't access other VLAN interfaces when I VPN into the ASA. I use 192.168.26.x as the main network. I can ping and RDP into that network; however, I cannot access anything on 192.168.20.x, 21.x, or 22.x. I can, however, access them all internally, just not externally from the VPN. Any help would be appreciated. Here is my Show Run

1 ACCEPTED SOLUTION

Hi,

Seems to me that you are using Split Tunnel VPN which essentially means that you select the networks to which traffic from the VPN Client is tunneled through your Split Tunnel ACL configuration.

So far you have only tunneled a single internal network (the one that works) and you would need to add these configurations

access-list electroremote_splitTunnelAcl standard permit 192.168.20.0 255.255.255.0
access-list electroremote_splitTunnelAcl standard permit 192.168.21.0 255.255.255.0
access-list electroremote_splitTunnelAcl standard permit 192.168.22.0 255.255.255.0

You will naturally also need a NAT0 configuration for each of these networks

For example

object network VPN-POOL
 subnet 192.168.12.0 255.255.255.0
nat (BLDG-A,outside) 1 source static BLDG-A BLDG-A destination static VPN-POOL VPN-POOL
nat (BLDG-B,outside) 2 source static BLDG-B BLDG-B destination static VPN-POOL VPN-POOL
nat (BLDG-C,outside) 3 source static BLDG-C BLDG-C destination static VPN-POOL VPN-POOL

Let me know if it works for you

Please do remember to mark a reply as the correct answer if it answered your question.

- Jouni
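
An added example, not part of the original reply and not Cisco tooling: a Python check that reads an ASA configuration and reports, for each internal network object, whether it is covered by the split tunnel ACL and has an identity NAT rule toward the VPN pool. The ACL name and pool subnet come from the thread; the BLDG-* subnets and the missing 192.168.22.0 ACL entry in the sample are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample config. The ACL name and VPN pool come from the thread;
# the BLDG-* object subnets and the BLDG-C gap are assumptions for the demo.
SAMPLE_CONFIG = """\
object network VPN-POOL
 subnet 192.168.12.0 255.255.255.0
object network BLDG-A
 subnet 192.168.20.0 255.255.255.0
object network BLDG-B
 subnet 192.168.21.0 255.255.255.0
object network BLDG-C
 subnet 192.168.22.0 255.255.255.0
access-list electroremote_splitTunnelAcl standard permit 192.168.26.0 255.255.255.0
access-list electroremote_splitTunnelAcl standard permit 192.168.20.0 255.255.255.0
access-list electroremote_splitTunnelAcl standard permit 192.168.21.0 255.255.255.0
nat (BLDG-A,outside) 1 source static BLDG-A BLDG-A destination static VPN-POOL VPN-POOL
nat (BLDG-B,outside) 2 source static BLDG-B BLDG-B destination static VPN-POOL VPN-POOL
nat (BLDG-C,outside) 3 source static BLDG-C BLDG-C destination static VPN-POOL VPN-POOL
"""

def audit_vpn_reachability(config, acl_name, pool_object):
    """Return {object: {"split_tunnel": bool, "nat_exempt": bool}} per network object."""
    objects = {
        name: ipaddress.ip_network(f"{net}/{mask}")
        for name, net, mask in re.findall(
            r"^object network (\S+)\n\s+subnet (\S+) (\S+)$", config, re.M)
    }
    tunneled = [
        ipaddress.ip_network(f"{net}/{mask}")
        for net, mask in re.findall(
            rf"^access-list {re.escape(acl_name)} standard permit (\S+) (\S+)$", config, re.M)
    ]
    # Identity (NAT0) rules: source maps to itself, destination is the VPN pool.
    exempt = set(re.findall(
        rf"^nat \(\S+,\S+\)(?: \d+)? source static (\S+) \1 "
        rf"destination static {re.escape(pool_object)} {re.escape(pool_object)}", config, re.M))
    return {
        name: {"split_tunnel": any(net.subnet_of(t) for t in tunneled),
               "nat_exempt": name in exempt}
        for name, net in objects.items() if name != pool_object
    }

if __name__ == "__main__":
    for name, status in audit_vpn_reachability(
            SAMPLE_CONFIG, "electroremote_splitTunnelAcl", "VPN-POOL").items():
        print(name, status)
```

A network that shows `split_tunnel: False` is never routed into the tunnel by the client, which matches the symptom in the question; one that shows `nat_exempt: False` is tunneled but has no NAT0 rule toward the pool.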

2 REPLIES

That worked! Thank you!!
