07-10-2015 08:58 AM - edited 03-05-2019 01:51 AM
We had an issue at a Remote Site where tenants needed to connect to their corporate site using a VPN connection.
We have Meraki APs providing DHCP in the 10.0.0.0 subnet, which overlapped with their network, so I reconfigured the ASA with a "guest" VLAN providing an address to 192.168.2.X and will put the APs in bridge mode.
I am testing this connection in my work space and my laptop does now get a 192.168.2.X address and gets Internet access. But when testing a VPN connection using VPN Client to our Router I can't establish a connection. I noticed when I try to ping our VPN router I don't get a response.
So my question is, what is blocking this? I can ping IPs and access Web Pages but not this IP. I spoke with my Boss and he stated nothing related to our corporate firewall must relate to a configuration on the ASA. Any suggestions of how I can troubleshoot? Opened ASDM --> Logging and Filtered by my Source IP but didn't see any information of blocks. Like I said, I don't know where to begin; any guidance would be appreciated.
07-11-2015 10:54 AM
Would I be correct in assuming that when the addresses were in the 10 network that access to the router worked? In that case I have a couple of possibilities to consider:
- Is it possible that your router does not have a route for the 192.168.2 network?
- Is it possible that you are doing address translation on the traffic and that is confusing the router?
HTH
Rick
07-11-2015 12:59 PM
Apologies if my explanation is not ideal.
I configured a new Router (5505) as the Router at this site is an 800 Series so want to transition it out.
At the current location we can ping the Public IP of the VPN router.
I copied an existing 5505 and modified it to now have VLAN10 as well. VLAN 10 is the guest interface and will provide the 192.168.X.X IP Address.
For testing I have my laptop directly plugged into Interface 2 of the ASA and the interface is configured as switchport access vlan 10. My laptop does get a DHCP 192.X.X address and can browse the Internet.
I am still a novice with Cisco and can't understand why a public IP to say google is any different than public IP to the outside IP of the VPN router. I would have thought if I could ping one public IP I could ping any public IP.
I will send over my running-config a bit later.
07-11-2015 02:07 PM
Am I understanding correctly that you have configured an ASA5505 to replace an 800 series router at the site? And am I correct in assuming that the ASA has vlan 1 with a subnet in 10 network and vlan 20 with 192.168.2 and an outside interface with a Public IP? Did the 800 router have a VPN connection to your corporate site? Does the ASA have a similar VPN connection? If your laptop were connected in vlan 1 and had an IP address in network 10 does the access to the VPN router work?
HTH
Rick