
INSIDE TO INSIDE VPN. HELP NEEDED !!!

ccsoofficelan
Level 1

I have created an inside to inside VPN.

The inside interface ip is 192.168.93.249.

The VPN POOL is 192.168.96.1 - 192.168.96.14

Once the client is connected he does get the IP 192.168.96.1 pingable to 192.168.93.249.

However, the gateway part is empty when I run ipconfig on the client side.

Moreover, now I need this client to connect to 192.168.100.1. This host is reachable from the 192.168.93.0 network, but the VPN client cannot access it. In the ASDM I get a portmap translation error for 192.168.96.1.

Please advise.

I have this crazy inside-to-inside VPN as per a certain scenario I am facing at work.

-- hassan

1 Reply

fadlouni
Level 1

Hi Hassan.

Not sure what you mean by inside-to-inside VPN, can you please elaborate?

Can you provide the client routing table after you connect? (route print from command prompt).

Portmap creation failures usually mean there is a NAT issue. However, usually you don't do NAT when doing VPN client configuration. You use something called NAT exemption. Here is a sample configuration for VPN clients to ASA:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008080f2d1.shtml

Notice from the example the NAT exemption part for the VPN client traffic:

access-list 101 extended permit ip 172.16.0.0 255.255.0.0 10.16.20.0 255.255.255.0
ip local pool vpnclient 10.16.20.1-10.16.20.5

nat (inside) 0 access-list 101

If you still can't fix it, then please provide the config (remember to erase the parts you don't want others to see).

Let me know if this helps.

Regards,

Fadi.
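
Added example, not from either poster or from Cisco: a small Python check of which inside-to-pool flows a NAT exemption ACL of the form quoted in the reply would match, using the addresses from the question. The ACL name "nonat", the pool name "vpnpool", and the 255.255.255.0 mask for the 192.168.93.0 network are assumptions made for the constructed sample.

```python
import ipaddress

# Constructed sample: the thread's addresses in the reply's NAT-exemption
# pattern. "nonat", "vpnpool" and the /24 inside mask are assumptions.
SAMPLE_CONFIG = """\
ip local pool vpnpool 192.168.96.1-192.168.96.14
access-list nonat extended permit ip 192.168.93.0 255.255.255.0 192.168.96.0 255.255.255.240
nat (inside) 0 access-list nonat
"""

def parse_exempt_acl(config, acl_name):
    """Return (source, destination) networks from the ACL's 'permit ip' lines.

    Only the '<network> <mask>' address form is handled, not 'host' or 'any'.
    """
    rules = []
    for line in config.splitlines():
        tok = line.split()
        if len(tok) == 9 and tok[:5] == ["access-list", acl_name, "extended", "permit", "ip"]:
            src = ipaddress.IPv4Network(f"{tok[5]}/{tok[6]}", strict=False)
            dst = ipaddress.IPv4Network(f"{tok[7]}/{tok[8]}", strict=False)
            rules.append((src, dst))
    return rules

def is_exempt(rules, src, dst):
    """True if traffic from inside host src to VPN client dst matches a rule."""
    s, d = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    return any(s in rs and d in rd for rs, rd in rules)

def uncovered_flows(rules, inside_hosts, pool_first, pool_last):
    """List (inside host, pool address) pairs that no exemption rule matches."""
    first, last = int(ipaddress.IPv4Address(pool_first)), int(ipaddress.IPv4Address(pool_last))
    missing = []
    for host in inside_hosts:
        for n in range(first, last + 1):
            client = str(ipaddress.IPv4Address(n))
            if not is_exempt(rules, host, client):
                missing.append((host, client))
    return missing

if __name__ == "__main__":
    rules = parse_exempt_acl(SAMPLE_CONFIG, "nonat")
    hosts = ["192.168.93.249", "192.168.100.1"]
    for host, client in uncovered_flows(rules, hosts, "192.168.96.1", "192.168.96.14"):
        print(f"not exempt: {host} -> {client}")
```

With this constructed ACL, traffic between 192.168.93.249 and the pool is exempt, while every flow between 192.168.100.1 and the pool is reported as not exempt and would still be subject to NAT.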