We are having issues with external suppliers accessing servers using the Cisco IPSec client (ver 5). The clients can VPN into the ASA and they receive an IP address from the address pool. When the supplier tries to RDP to the servers at the site they receive an error that they cannot connect.
The IP address range on the inside network is 10.0.0.0/8 and frequently the suppliers are using this for some part of their network as well. We suspect a routing issue but we have been unable to find a way to force the traffic (typically a server somewhere on the 10.20.0.0 subnet) down the VPN tunnel.
When they dial in from another network (i.e. home broadband) they can RDP into the servers without any issue.
So we are assuming that the client's office address range is what is causing the problem.
We have tried SSL and AnyConnect with more success but it is not reliable.
I am not sure exactly what the client's address is, but the user did say they were on a Segment 10 address.
The VPN pool that has been allocated is 10.20.28.X
Only clients that are accessing from a Segment 10 address experience this problem. I have tried from an ADSL line using the user's credentials and I have no problem accessing the servers via RDP. The server is also behind a 10.0.0.0/8.
Can you give me an example of NATing VPN traffic for users who are coming from a Segment 10 address?
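As an added illustration, not part of the original posts: a small Python check of the suspected cause, showing which route a client would pick for the server when its office LAN overlaps the 10.0.0.0/8 range behind the ASA. The office prefix 10.20.0.0/16, the home prefix and the server address 10.20.5.10 are constructed sample values, and the model assumes plain longest-prefix-match routing on the client (metrics and equal-length ties are not modelled).

```python
import ipaddress

def select_route(dest, routes):
    """Pick the route a host would use for dest by longest-prefix match.

    routes is a list of (prefix, interface) tuples; returns (network, interface)
    or None when nothing matches.
    """
    addr = ipaddress.ip_address(dest)
    matches = [(ipaddress.ip_network(p), ifc) for p, ifc in routes
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)

def diagnose(server, local_routes, vpn_routes):
    """Report whether traffic to server leaves via the LAN or the VPN tunnel."""
    routes = [(p, "lan") for p in local_routes] + [(p, "vpn") for p in vpn_routes]
    net, ifc = select_route(server, routes)
    # Local prefixes (default route excluded) that collide with tunnelled ranges.
    overlapping = [p for p in local_routes if p != "0.0.0.0/0"
                   and any(ipaddress.ip_network(p).overlaps(ipaddress.ip_network(v))
                           for v in vpn_routes)]
    return {"via": ifc, "winning_prefix": str(net), "overlapping_local": overlapping}

# Range behind the ASA, as stated in the post.
VPN_ROUTES = ["10.0.0.0/8"]
# Constructed sample values (the real supplier prefix is not known).
SERVER = "10.20.5.10"
OFFICE_CLIENT = ["10.20.0.0/16", "0.0.0.0/0"]   # supplier LAN on a "Segment 10" address
HOME_CLIENT = ["192.168.1.0/24", "0.0.0.0/0"]   # home broadband

if __name__ == "__main__":
    for name, local in (("office", OFFICE_CLIENT), ("home", HOME_CLIENT)):
        print(name, diagnose(SERVER, local, VPN_ROUTES))
```

With these sample values the office client keeps the RDP traffic on its own LAN because the local /16 is more specific than the tunnelled /8, while the home client sends it into the tunnel.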