We have currently set up our remote access VPN clients to use the AnyConnect client (eventually we would rather use IPSec, but that's for another post, most likely). Most documentation shows setting up the VPN NAT pool on a different subnet, so we currently have it set to the 192.168.3.0 network. We are able to access the network resources then only if we remote desktop in from there to an internal location. How can we allow this subnet access to our internal resources without using this workaround? I've tried assigning ACLs allowing that subnet in to the internal subnet, but it doesn't seem to make a difference.
When you say it will access subnets that we provide in the split tunneling ACL, what do you mean? I notice that split tunneling is an option under group policy, but right now all the boxes are checked for "inherit".
As I indicated before, the VPN is on a different subnet from the internal subnet. It just cannot see internal resources without using remote desktop to access those resources.
(I did not do the initial setup for this VPN, I was just asked to help troubleshoot why network resources cannot be accessed.)
Yes, apparently internal server access is one of the things mentioned that is not working. Along with that, certain client programs will not start. Obviously the ideal that we are shooting for is for our users to be able to log in and have it be just like they are at their desks. While the RD element is not the end of the world, we would like to see if we could achieve access without it.
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...