I have a situation where I have a mix of Mac and Windows machines and they need connectivity back to my network via my ASA5510. I've installed the VPN client on my Windows machines, v 5.0.x and on my Mac machines, v4.9.x. My Windows machines can connect and browse the network just fine; my Mac clients cannot.
My Mac clients are getting an IP address for the VPN network just fine, but I can't ping them. I can ping my Windows machines just fine.
Did I miss a setting somewhere when configuring the Mac clients?
So here's what I found after a couple of hours of troubleshooting today. Still not sure how to fix it though.
1. When using the Cisco VPN on the Mac, I can connect just fine.
2. When I run "netstat -rn" on the Mac, I see my new default route, but it doesn't take effect.
Why? Here's the answer.
The network I'm on is 192.168.1.0/24. The VPN Network/IP that I get a remote IP Address from is 192.168.70.0/24. The Remote Network I'm trying to browse is 192.168.1.0/24. See the problem?
The Mac does not know how to route from a 192.168.1.0/24, through a 192.168.71.0/24 to a 192.168.1.0/24 network.
On a Windows machine, this works okay; on the Mac, not so much.
How I finally figured it out was by issuing the following command: "ping -S 192.168.71.50 192.168.1.20". The "-S" tells ping to use the 192.168.71.50 as the source address to then ping 192.168.1.20. But this is the only way I can get it to work.
I tried adding a "route" command on the Mac and pointing it towards the VPN interface as the destination, but that just confused the heck out of the Mac and gave me destination unreachable messages all over the place.
I found a Cisco Release Note and it actually stated this whole thing as a 'problem', but no fix.
Unfortunately you would need to change the home network to anything other than 192.168.1.0/24. Otherwise, it looks like the Mac is trying to ARP for the IP address, since it thinks they are in the same subnet. Even though they are in the same subnet, they are not meant to be, which causes the issue that you are experiencing, i.e. it will ARP for the address instead of routing the packet, so specifically configuring the static route will not work.
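The overlap described in this thread can be checked before a client connects. The following is an added example, not part of any post above and not Cisco tooling; the function names are hypothetical, the addresses are the ones quoted in the thread, and the "shadowed" result models the on-link/ARP behaviour described in the reply.

```python
import ipaddress

def classify(dest, local_nets, remote_nets):
    """Say how a client with these directly connected networks treats dest.

    'shadowed' means dest is in a VPN-protected network but is also on-link
    locally, so the host ARPs on the LAN and the packet never enters the tunnel.
    """
    ip = ipaddress.ip_address(dest)
    on_link = any(ip in ipaddress.ip_network(n) for n in local_nets)
    remote = any(ip in ipaddress.ip_network(n) for n in remote_nets)
    if on_link and remote:
        return "shadowed"
    if remote:
        return "tunnel"
    return "on-link" if on_link else "default-route"

def overlaps(local_nets, remote_nets):
    """Return every (local, remote) pair whose address ranges intersect."""
    return [(str(l), str(r))
            for l in map(ipaddress.ip_network, local_nets)
            for r in map(ipaddress.ip_network, remote_nets)
            if l.overlaps(r)]

def suggest_home_net(avoid, pool="192.168.0.0/16", prefix=24):
    """First /prefix inside pool that intersects none of the networks to avoid."""
    taken = [ipaddress.ip_network(n) for n in avoid]
    for cand in ipaddress.ip_network(pool).subnets(new_prefix=prefix):
        if not any(cand.overlaps(t) for t in taken):
            return str(cand)
    return None

if __name__ == "__main__":
    # Values quoted in the thread: home LAN, remote LAN, VPN address pool.
    home = ["192.168.1.0/24"]
    remote = ["192.168.1.0/24"]
    vpn_pool = ["192.168.71.0/24"]
    print("overlapping pairs:", overlaps(home, remote))
    print("192.168.1.20 is", classify("192.168.1.20", home, remote))
    # Renumbering candidate for the home LAN that avoids remote LAN and pool.
    print("candidate home network:", suggest_home_net(remote + vpn_pool))
```
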