2. Configured SiteB internal workstations to access the Internet using the public IPs assigned (with nat 2) and also provided RDP/telnet access to a couple of internal machines using the public IPs assigned.
3. Configured Remote access VPN using ASDM on SiteB ASA.
4. Did not select 'Split Tunneling' while configuring Remote access VPN.
5. Now from Site A, from my internal network desktop (10.50.0.0), I am able to dial in to the VPN and access SiteB internal resources, but I am losing connectivity to the Internet and access to my LAN and other network resources. (If I use a laptop from an outside Internet line like DSL, I could not access the Internet when VPN'd in to SiteB.)
6. SiteA setup is a regular setup:
PCs-->Switch -->ASA-->Cable modem.
Please find the attached config (IPs changed and removed unwanted config from ASA). The 'bold' items are created by ASDM.
Not configuring split tunneling is the cause. Second, do not use an IP pool which is in the same subnet as inside. 10.30.50.0/24 covers 10.30.50.0/28. Make the following modification and the VPN will work as you like:
ip local pool Remote_DialPool 10.30.40.1-10.30.40.253 mask 255.255.255.0
no access-list Inside_nat0_outbound extended permit ip 10.30.50.0 255.255.255.0 10.30.50.224 255.255.255.224
access-list Inside_nat0_outbound extended permit ip 10.30.50.0 255.255.255.0 10.30.40.0 255.255.255.0
access-list Split_T permit ip 10.30.50.0 255.255.255.0 10.30.40.0 255.255.255.0
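The two checks behind the reply above (pool outside the inside subnet, NAT exemption covering the pool), written as a small config lint. This is an added example, not part of the thread or any Cisco tool; the "before" pool range is a constructed assumption, and the inside subnet 10.30.50.0/24 is taken from the ACL lines in the reply.

```python
import ipaddress
import re

POOL_RE = re.compile(r"^ip local pool (\S+) (\S+)-(\S+)(?: mask \S+)?$")
ACL_RE = re.compile(
    r"^access-list (\S+) (?:extended )?permit ip (\S+) (\S+) (\S+) (\S+)$")

# Constructed "before" state: the pool range is an assumption, the ACL line is
# the one the reply removes.
BEFORE = """\
ip local pool Remote_DialPool 10.30.50.225-10.30.50.254 mask 255.255.255.0
access-list Inside_nat0_outbound extended permit ip 10.30.50.0 255.255.255.0 10.30.50.224 255.255.255.224
"""
# "After" state: the lines posted in the reply.
AFTER = """\
ip local pool Remote_DialPool 10.30.40.1-10.30.40.253 mask 255.255.255.0
access-list Inside_nat0_outbound extended permit ip 10.30.50.0 255.255.255.0 10.30.40.0 255.255.255.0
access-list Split_T permit ip 10.30.50.0 255.255.255.0 10.30.40.0 255.255.255.0
"""


def parse(regex, config):
    """Return the regex groups of every config line that matches."""
    hits = (regex.match(line.strip()) for line in config.splitlines())
    return [m.groups() for m in hits if m]


def lint(config, inside, nat0_acl):
    """Flag VPN pools that overlap the inside subnet or lack a NAT exemption."""
    inside_net = ipaddress.ip_network(inside)
    # Destinations exempted from NAT for traffic sourced from the inside subnet.
    exempt = [ipaddress.ip_network(f"{dst}/{dmask}")
              for acl, src, smask, dst, dmask in parse(ACL_RE, config)
              if acl == nat0_acl
              and ipaddress.ip_network(f"{src}/{smask}") == inside_net]
    findings = []
    for name, first, last in parse(POOL_RE, config):
        # Express the first-last range as CIDR blocks so it can be compared.
        blocks = list(ipaddress.summarize_address_range(
            ipaddress.ip_address(first), ipaddress.ip_address(last)))
        if any(b.overlaps(inside_net) for b in blocks):
            findings.append(f"{name}: pool overlaps inside {inside_net}")
        if not any(all(b.subnet_of(d) for b in blocks) for d in exempt):
            findings.append(f"{name}: no {nat0_acl} entry covers the pool")
    return findings


if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, lint(cfg, "10.30.50.0/24", "Inside_nat0_outbound"))
```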
Thank you for the quick reply. Please find the current running configs. I cleaned up the nat statements & VPN pool IPs from the original posting.
SiteA : 10.1.201.0 and it has connectivity to other sites (10.1.202.0/24, 10.70.0.0/16 etc)
Now with the existing configuration, what I observed was: when connected from SiteA to the ASA via VPN from my desktop (at SiteA), I can browse the Internet. But I am losing access to my network drives at SiteA, and also, once the VPN is up, I cannot 'ping'/access the devices at SiteB either.
Please find the configs. I am sure that I am missing some ACLs here. Please advise.
We have configured the outside and inside interfaces with official IPv6 addresses and set a default route on the outside interface to our router. We have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...