Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Cisco VPN routing issue

Hello,

I am currently away in a hotel and have setup both a Full tunnel profile and a Split tunnel profile on my home ASA.  The tunneling works fine for browsing, but when I try to access one of my machines at home, no luck.

I'm sure I'm missing something obvious somewhere, but I'm not an ASA guru.

10.1.8.0/24 is my home network

10.1.9.0 is the VPN pool I assign to VPN users (Full or Split).       

Relevant config:

ip local pool vpnPool 10.1.9.200-10.1.9.220 mask 255.255.255.0

same-security-traffic permit intra-interface

object network obj_any

subnet 0.0.0.0 0.0.0.0

object network vpn-subnet

subnet 10.1.9.0 255.255.255.0

object network synthetiqLAN-8

subnet 10.1.8.0 255.255.255.0

object network synthetiqLAN-9

subnet 10.1.9.0 255.255.255.0

object-group network synthetiqNets

network-object 10.1.8.0 255.255.255.0

network-object 10.1.9.0 255.255.255.0

access-list groupSplitTunnelACL standard permit 10.1.8.0 255.255.255.0

nat (inside,outside) source static synthetiqLAN-8 synthetiqLAN-8 destination static vpn-subnet vpn-subnet

nat (inside,outside) source static synthetiqLAN-8 synthetiqLAN-8 destination static synthetiqLAN-9 synthetiqLAN-9 no-proxy-arp route-lookup

object network obj_any

nat (inside,outside) dynamic interface

Let me know if I need to include the crypto portion or the attributes portion.

Again, I am currently remote with a 10.1.9.xx address and I'm trying to access a PC on the 10.1.8.xx subnet.  No luck.

Any help would be greatly appreciated.

Thanks!


3 REPLIES
Cisco Employee

Cisco VPN routing issue

Hi Scott,

Could you please include the following commands

show run route

show route

show crypto ipsec sa

show run crypto

regards

Itzcoatl

New Member

Cisco VPN routing issue

Requested info here (sorry, not seeing how to upload a txt file)


Thanks!

Cisco Employee

Cisco VPN routing issue

Hello Scott,

I was able to check the configuration , it looks fine, we have a route installed to the vpn client and also we have encap and decap packets on the vpn.

If you are still not able to reach your internal network, maybe it will be needed to run captures on the inside interface of the ASA.

regards,

Itzcoatl

193
Views
0
Helpful
3
Replies
CreatePlease to create content