When VPN'd in unable to access networks outside of datacenter?

All-

I have been asked to take a look at correcting a configuration that I am unfamiliar with. Previously, when VPN'd in here, they were able to reach sites at other locations in other subnets via the WAN. Currently, they have to remote into a PC in the data center's subnet and then access a site on the WAN that way. I am not sure if the problem is in the ASA or with the routing at either the data center or the remote site. Would anyone be kind enough to give me a sample ASA config that will pass that VPN traffic, or can you direct me to a resource that I can do some comparison to?

Thank you,


Dave

Accepted Solutions

Daniel Boling

*Assuming we are talking about remote-access VPNs

Start at the top. In the ASA's configuration, there will be an access list referred to in the VPN's group-policy attributes. Verify that the access list contains the correct subnet information.

Example:

access-list VPN_ACL standard permit 1.1.1.0 255.255.255.0

access-list VPN_ACL standard permit 2.2.2.0 255.255.255.0

(where 1.1.1.1 is your datacenter and 2.2.2.2 is the remote network)

Once that is verified, connect to the VPN via a remote workstation and look at the local machine's routing table (Start > Run > netstat -r)

Are the remote site's subnets in the workstation's routing table when VPN'd?

If so, perform a traceroute from the VPN'd workstation to an IP address on one of the remote sites to see where the failure is.
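
The routing-table check from the answer above, as an added example that is not part of the original thread: it reads the networks from an ACL in the form shown and reports which of them have no covering route in the client's `netstat -r` output. Both sample texts are constructed, the function names are hypothetical, and the default route is ignored on the assumption that the ACL is the group-policy's split-tunnel list.

```python
import ipaddress
import re

# Constructed sample: ACL lines in the form shown in the answer.
ACL_TEXT = """\
access-list VPN_ACL standard permit 1.1.1.0 255.255.255.0
access-list VPN_ACL standard permit 2.2.2.0 255.255.255.0
"""

# Constructed sample: IPv4 part of `netstat -r` on a connected Windows client.
NETSTAT_TEXT = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.50     25
          1.1.1.0    255.255.255.0        10.99.0.1      10.99.0.25      2
      192.168.0.0    255.255.255.0         On-link      192.168.0.50    281
"""

QUAD = r"(\d+\.\d+\.\d+\.\d+)"
# Only the "permit <network> <mask>" form is parsed; "host"/"any" lines are skipped.
ACL_RE = re.compile(rf"^access-list\s+(\S+)\s+standard\s+permit\s+{QUAD}\s+{QUAD}$")
ROUTE_RE = re.compile(rf"^{QUAD}\s+{QUAD}\s+\S+\s+{QUAD}\s+\d+$")

def acl_networks(text, acl_name):
    """Networks permitted by the named standard ACL."""
    hits = (ACL_RE.match(line.strip()) for line in text.splitlines())
    return [ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}", strict=False)
            for m in hits if m and m.group(1) == acl_name]

def client_routes(text):
    """Non-default IPv4 routes from `netstat -r` output."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if m:
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            if net.prefixlen > 0:  # the default route says nothing about the tunnel
                routes.append(net)
    return routes

def missing_from_client(acl_text, acl_name, netstat_text):
    """ACL networks that no client route covers, exactly or as a supernet."""
    routes = client_routes(netstat_text)
    return [n for n in acl_networks(acl_text, acl_name)
            if not any(n.subnet_of(r) for r in routes)]

if __name__ == "__main__":
    for net in missing_from_client(ACL_TEXT, "VPN_ACL", NETSTAT_TEXT):
        print(f"no route on client for {net}")
```

A network reported here never reached the client, which points back at the ACL or group-policy; a network that is present but unreachable is the case for the traceroute step.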


Hmm, I see. The access-list extended permit line was incorrectly entered. Thanks!
