Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Remote VPN users's gateway

Hello

i have ASA5510 and configured for VPN remote access. the connection is established and users are authenticated correctly and logged into the local network and can ping all LAN devices.

The Problem is that, the logged in users cannot ping any other VLAN or network inside the enterprise ( the local users with the same LAN but not VPN users can ping it).

I have check it the VPN adapter IP address that the user got and I noticed that there is not gateway is appear, so who I can configure the ASA’s IP address as getaway to the remote VPN users to be able to ping other Vlans and networks in the same enterprise

thanks

m.zidan

1 REPLY

Remote VPN users's gateway

There shouldn't be any default GW under vpn-adapter interface. To see what traffic is tunneled, do the route print command. By default (if no spit tunnel is configured), all the traffic is tunneled. So don't bother for the traffic flow from vpn-clients towards your LAN, but pay more attention to the reverse direction (from LAN towards vpn-clients), specifically check that:

- nat exemption  (NAT 0) rules are configured for all VLANs subnets for traffic, destined towards vpn-clients pool (you've got those for local lan, so do the same for others VLANs).

- check that there's correct routing information so those VLANs know how to reach vpn-clients subnet through ASAs inside interface.

112
Views
0
Helpful
1
Replies