Re: vpn issue on asa 5510

mehta.rahul · ‎01-08-2007

I have configured remote access vpn for my corporate network ..

I have remote users connecting to my server in corp network it has ip of 192.168.1.70

I have split tunnel configured for 192.168.1.0 network

Now users have their local network consisting of 192.168.1.70 network also .

When they vpn in they are not able to reach my corp server

why it would do that ?

According to split tunnel policy all the traffic destined for .1.0 network should be tunneled right ?

please let me know what could be wrong

Fernando_Meza · ‎01-08-2007

HI ... For some reason it sounds like the packets are routed by the NIC instead of by the VPN Adapter .. I had similar issue with Checkpoint client and ended up re-addressing the local segment. For testing only .. You could perhaps try disabling split tunnel and make sure that the vpn client has the 'Allow local LAN access' option cleared out. If the connection is OK .. then you definetely have the same situation I had ... you could try using NAT for the servers so that the client sees those address as something else .. i.e 172.16.X.X otherwise you might need to re-address the local hosts to avoid the IP overlapping you could be experiencing.

static (inside,outside) 172.16.x.x netmask 255.255.255.255

Make sure you allow access to 172.16.X.X on the split tunneling.

I hope it helps .. please rate it if it does !!!

mehta.rahul · ‎01-09-2007

i did try to setup

STATIC nat , it didnot work on tunnels...

andyjames · ‎01-12-2007

Hello,

Sanitise your config and post it and I will have a look.

Andy.

usanitary · ‎01-12-2007

192.168.1.0 is a common network for home networks, perhaps the client PC thinks the remote network is local.