Hi,  i have the following situation:

- Cisco ASA 8.3

- many subinterfaces on the asa

- Customers using vpn to connect to the sub network

Now i have the problem that one customer need access to his sub network and one ip in another sub network. Is this possible?

At the moment it looks like the following:

Customer dial in with vpn access and get a ip from 192.168.100.0 /24 network and has access to 10.10.10.0 /24 .

This works fine. But now he needs access to the IP 10.10.20.10.

I have added to the existing split tunnel rule the ip and in the vpn client i saw the route to the ip but if i try a ping the following message is in the log:

5     Dec 05 2010     13:57:35     305013     192.168.113.100                    Asymmetric NAT rules matched for forward and reverse flows; Connection for  icmp src outside:192.168.100.10 dst inside: 10.10.20.10 (type 8, code 0) denied due to NAT reverse path failure 

Help please