
IP Pool as part of Internal subnet

Hello all,

We have an ASA 5510 Sec+ firewall, and are trying to set up a remote access VPN using AnyConnect.  Our internal subnet is 172.16.40.0/22.

Now, when I set the IP Pool to give out addresses inside that subnet, i.e. 172.16.42.32 - 172.16.42.96, I can connect to the VPN and ping our servers, but I only get 1 reply and the rest of the packets are dropped.  On the firewall, I can see the packets being denied with this error message: 

3 Oct 11 2014 16:12:58 SRV1 172.16.40.185 Deny inbound icmp src outside:SRV1 dst outside:172.16.40.185 (type 0, code 0)

Following the advice I received in my other thread about this, I set up an IP pool on a new subnet - 172.16.180.0/24.  With that setup I was able to connect and become part of the network, RDP/PING etc.  So I thought that was the end of the problem, until I was told that the developers could not reach our production servers, which are hosted on another subnet, through the VPN.  They are in 172.16.46.0/24 and are located in a colo facility.

Now, we have a Windows RRAS VPN set up which gives out internal subnet IP addresses, and they are able to reach the colo subnet just fine.  Is there any way to fix the Cisco VPN to work with assigning internal addresses?

We do not have access at this time to the router at the colo, just their firewall.