I have an ASA5510 configured for remote-access VPN. The connection is established, and users are authenticated correctly, logged into the local network, and can ping all LAN devices.
The problem is that the logged-in users cannot ping any other VLAN or network inside the enterprise (local users on the same LAN who are not VPN users can ping them).
I have checked the VPN adapter IP address that the user got, and I noticed that no gateway appears. So how can I configure the ASA's IP address as the gateway for the remote VPN users, so that they are able to ping other VLANs and networks in the same enterprise?
There shouldn't be any default GW under the VPN adapter interface. To see what traffic is tunneled, run the `route print` command. By default (if no split tunnel is configured), all the traffic is tunneled. So don't worry about the traffic flow from VPN clients towards your LAN, but pay more attention to the reverse direction (from the LAN towards VPN clients); specifically, check that:
- NAT exemption (NAT 0) rules are configured for all VLAN subnets for traffic destined towards the VPN client pool (you've got those for the local LAN, so do the same for the other VLANs).
- there's correct routing information so those VLANs know how to reach the VPN client subnet through the ASA's inside interface.
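
An added example, not part of the original answer: a small Python check for the first point above, listing the internal subnets that have no NAT 0 entry toward the VPN pool. The config excerpt, pool, ACL name and subnets are constructed, and the parser assumes the pre-8.3 `nat (inside) 0 access-list` syntax with plain subnet/mask ACL entries (no `any`, `host` or object groups).

```python
import ipaddress
import re

# Constructed ASA 8.2-style running-config excerpt (all names and addresses are
# assumptions for illustration). Only the local LAN is exempted from NAT.
SAMPLE_CONFIG = """\
ip local pool VPNPOOL 10.99.0.1-10.99.0.254 mask 255.255.255.0
access-list NONAT extended permit ip 192.168.1.0 255.255.255.0 10.99.0.0 255.255.255.0
nat (inside) 0 access-list NONAT
route inside 192.168.20.0 255.255.255.0 192.168.1.254
route inside 192.168.30.0 255.255.255.0 192.168.1.254
"""

ACL_RE = re.compile(r"^access-list (\S+) extended permit ip (\S+) (\S+) (\S+) (\S+)$")
NAT0_RE = re.compile(r"^nat \((\S+)\) 0 access-list (\S+)$")


def net(addr, mask):
    """Build a network object from an address and a dotted netmask."""
    return ipaddress.ip_network(f"{addr}/{mask}")


def exempt_sources(config, vpn_pool):
    """Source networks exempted from NAT when the destination covers the VPN pool."""
    lines = [line.strip() for line in config.splitlines()]
    # ACL names actually bound to a "nat (...) 0" statement.
    nat0_acls = {m.group(2) for m in map(NAT0_RE.match, lines) if m}
    sources = []
    for m in filter(None, map(ACL_RE.match, lines)):
        name, s_ip, s_mask, d_ip, d_mask = m.groups()
        if name in nat0_acls and vpn_pool.subnet_of(net(d_ip, d_mask)):
            sources.append(net(s_ip, s_mask))
    return sources


def vlans_missing_exemption(config, vpn_pool, vlans):
    """Return the internal subnets with no NAT 0 entry toward the VPN pool."""
    pool = ipaddress.ip_network(vpn_pool)
    covered = exempt_sources(config, pool)
    return [v for v in vlans
            if not any(ipaddress.ip_network(v).subnet_of(c) for c in covered)]


if __name__ == "__main__":
    vlans = ["192.168.1.0/24", "192.168.20.0/24", "192.168.30.0/24"]
    for v in vlans_missing_exemption(SAMPLE_CONFIG, "10.99.0.0/24", vlans):
        print(f"no NAT exemption from {v} to the VPN pool")
```

The second point, the return route to the VPN pool, lives on whichever device routes between the VLANs and has to be checked there.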