Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Remote VPN users unable to reach OSPF Inter Area Networks

Hi All,

Area0 & Area1. Area1 ASA has remote VPN configuration where users uses split tunneling also. When users VPN-in, they successfully access all the respurces in Area1, but unable to reach resources in Area0.

But Area0 PCs able to 'ping' the VPN-in IPs. I tried 'debug icmp trace', but not even single message poping up while initiate the 'ping' from VPN-in users laptop.

fyi.. Area1 N/W: 10.251.0.0/16 and 10.251.40.0/24 has been used for VPN users DHCP. Everything works fine except for reachability to Area0.

Any suggestions..?

Thank you

MS

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Remote VPN users unable to reach OSPF Inter Area Networks

access-list nonat extended permit ip SiteA 255.255.0.0 SiteAVPN 255.255.255.0

access-list nonat extended permit ip SiteB 255.255.0.0 SiteAVPN 255.255.255.0

5 REPLIES

Re: Remote VPN users unable to reach OSPF Inter Area Networks

correction.... Area0 PCs also unable to reach VPN-in users....

thank you

MS

Gold

Re: Remote VPN users unable to reach OSPF Inter Area Networks

not enough information.

tell us more about your network, including routers and any other layer 3 devices.

if possible, post your firewall config.

Re: Remote VPN users unable to reach OSPF Inter Area Networks

Please find the attached.

Area0 L3 device <-> Area251 L3 device we have a 100Meg P2P link runs OSPF. i took out the config that is not needed from the devices.

Please review and suggest.

Thank you

MS

Re: Remote VPN users unable to reach OSPF Inter Area Networks

access-list nonat extended permit ip SiteA 255.255.0.0 SiteAVPN 255.255.255.0

access-list nonat extended permit ip SiteB 255.255.0.0 SiteAVPN 255.255.255.0

Re: Remote VPN users unable to reach OSPF Inter Area Networks

Hi,

Adding

access-list nonat extended permit ip SiteB 255.255.0.0 SiteAVPN 255.255.255.0 .. did the trick.

Thank you very much.

MS

116
Views
0
Helpful
5
Replies