https://community.cisco.com/t5/network-security/communicating-between-remote-access-vpn-subnets/m-p/1082040#M915670 <HTML><HEAD></HEAD><BODY><P>no hitcount... are you sure that any previous statement of this ACL doesn't deny the traffic ?</P><P></P><P>Is your VPN up ? ipsec or GRE ?</P></BODY></HTML> Wed, 30 Jul 2008 13:59:29 GMT Olivier Jessel 2008-07-30T13:59:29Z https://community.cisco.com/t5/network-security/communicating-between-remote-access-vpn-subnets/m-p/1082037#M915662 <P>I have two remote vpn subnets that need to communicate. I have my access list as </P><P>access-list No-NAT extended permit ip 172.16.140.0 255.255.255.0 172.18.3.0 255.255.255.0, however this does not seem to do the trick. Could these VPN's be terminating on different interfaces such as one external, one DMZ?</P><P></P><P>Thanks in advance</P> Mon, 11 Mar 2019 13:22:51 GMT https://community.cisco.com/t5/network-security/communicating-between-remote-access-vpn-subnets/m-p/1082037#M915662 jgorman1977 2019-03-11T13:22:51Z https://community.cisco.com/t5/network-security/communicating-between-remote-access-vpn-subnets/m-p/1082038#M915664 <HTML><HEAD></HEAD><BODY><P>hi,</P><P></P><P>Have you also setup an ACL allowing the traffic to this remote subnet 172.18.3.0/24 ?</P><P></P></BODY></HTML> Wed, 30 Jul 2008 13:53:04 GMT https://community.cisco.com/t5/network-security/communicating-between-remote-access-vpn-subnets/m-p/1082038#M915664 Olivier Jessel 2008-07-30T13:53:04Z https://community.cisco.com/t5/network-security/communicating-between-remote-access-vpn-subnets/m-p/1082039#M915668 <HTML><HEAD></HEAD><BODY><P>I do have the ACL</P><P></P><P>access-list Internal line 40 extended permit ip 172.16.0.0 255.255.0.0 172.18.3.0 255.255.255.128 (hitcnt=0) 0x92cd7baf</P><P></P><P>Thanks</P></BODY></HTML> Wed, 30 Jul 2008 13:56:18 GMT https://community.cisco.com/t5/network-security/communicating-between-remote-access-vpn-subnets/m-p/1082039#M915668 jgorman1977 2008-07-30T13:56:18Z https://community.cisco.com/t5/network-security/communicating-between-remote-access-vpn-subnets/m-p/1082040#M915670 <HTML><HEAD></HEAD><BODY><P>no hitcount... are you sure that any previous statement of this ACL doesn't deny the traffic ?</P><P></P><P>Is your VPN up ? ipsec or GRE ?</P></BODY></HTML> Wed, 30 Jul 2008 13:59:29 GMT https://community.cisco.com/t5/network-security/communicating-between-remote-access-vpn-subnets/m-p/1082040#M915670 Olivier Jessel 2008-07-30T13:59:29Z https://community.cisco.com/t5/network-security/communicating-between-remote-access-vpn-subnets/m-p/1082041#M915672 <HTML><HEAD></HEAD><BODY><P>Both are IPSec and both are up. The 172.16.140.0/24 subnet is our VPN client subnet to the ASA and the 172.18.3.0/24 subnet are Cisco 871's terminating to the ASA.</P><P></P><P></P></BODY></HTML> Wed, 30 Jul 2008 14:08:03 GMT https://community.cisco.com/t5/network-security/communicating-between-remote-access-vpn-subnets/m-p/1082041#M915672 jgorman1977 2008-07-30T14:08:03Z https://community.cisco.com/t5/network-security/communicating-between-remote-access-vpn-subnets/m-p/1082042#M915674 <HTML><HEAD></HEAD><BODY><P>if I right understand, both are remote...</P><P>Have you configured split-tunneling ?</P></BODY></HTML> Wed, 30 Jul 2008 14:22:32 GMT https://community.cisco.com/t5/network-security/communicating-between-remote-access-vpn-subnets/m-p/1082042#M915674 Olivier Jessel 2008-07-30T14:22:32Z https://community.cisco.com/t5/network-security/communicating-between-remote-access-vpn-subnets/m-p/1082043#M915676 <HTML><HEAD></HEAD><BODY><P>Yes, they are both remote. I have the following split-tunnel acl:</P><P></P><P>access-list Indy-Remote_splitTunnelAcl_1 line 28 extended permit ip 172.18.0.0 255.255.0.0 172.16.140.0 255.255.255.0 (hitcnt=0) 0x5a58ce89</P><P></P><P>The main issue is i have users on the 172.18 subnet using IP communicator trying to contact users on the 172.16 subnet also using IP communicator. They cannot hear each other. The Call Manager server is located with the ASA, so I wouldn't think there would be enough delay to the packets to cause this issue.</P><P></P><P>Thanks again.</P></BODY></HTML> Wed, 30 Jul 2008 14:32:26 GMT https://community.cisco.com/t5/network-security/communicating-between-remote-access-vpn-subnets/m-p/1082043#M915676 jgorman1977 2008-07-30T14:32:26Z