
Remote access VPN with LDAP and KERBEROS Microsoft Active Directory

arumugasamy
Level 1

Dear All,

I recently configured the remote access VPN with AD. Now the VPN client's acquired IP address network is 192.168.34.0, but the server is inside the CyberGuard firewall LAN (192.168.1.0).

The tunnel is established, but I cannot access the server 192.168.1.210 or ping it from client 192.168.34.11.

Where does the routing have to be done for this to work?

The ASA inside and CyberGuard outside are on the 192.168.34.0 network. The client pool is configured, but the server is inside the LAN in one VLAN with the 192.168.1.0 network. The CyberGuard is between the LAN and the ASA firewall.

CyberGuard outside is 192.168.34.3, inside is 192.168.33.3, and the core LAN switch gateway to the outside is 192.168.33.3.

Please could you give me a workaround for it.

Thanks

swami


JORGE RODRIGUEZ
Level 10

Swami, if you can post a diagram I'm positive you'll get more responses. I'm not sure I understand your topology, as you have two firewalls. You indicate you have CyberGuard between the LAN and the ASA, the CyberGuard firewall with an outside IP of 192.168.34.3 and an inside of 192.168.33.3, and your ASA inside is in the same network as your CyberGuard outside interface, 192.168.34.0. It seems from your description that the CyberGuard is your VPN gateway and this is where your RA connection is established, through the CyberGuard. Is this correct?

Let's put RA VPN aside for a minute.

1. From within the CyberGuard firewall, can you reach 192.168.1.210 or any host under that subnet by pings? If you cannot, you will need a route at the CyberGuard to get to the 192.168.1.0 network.

In the event that this is not the case, and you can successfully ping hosts in the 192.168.1.0 network in your LAN from the CyberGuard, I would recommend looking into enabling NAT traversal (aka NAT-T). I suspect one of these may be your problem.

Rgds

Jorge

Jorge Rodriguez