03-03-2014 08:03 PM
Here is my topology
vpn client (10.10.30.xx)-------------CiscoISA500 Firewall-----------L3 Switch----------192.168.10.xx and Static Route to 192.168.20.xx (Site B through P2P T1 connection)
Here is the problem
The client can connect to the IPsec VPN without any problems and is also able to access everything on the 192.168.10.xx network. However, the VPN client cannot access the 192.168.20.xx network. 192.168.20.xx is allowed in the VPN policy. Not sure if this is a NAT-related issue. When I do a traceroute from the VPN client PC, it makes it all the way through the firewall then dies; I cannot ping it either. Please help.
03-04-2014 08:11 AM
On the other side of the connection, Site B, do you have an IP route for 10.10.30.xx pointing back to the other side of the point-to-point tunnel?
Also, are you NAT exempting 10.10.30.xx destined for 192.186.20.xx?
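The return-route question raised in this reply, as an added example that is not part of the original thread: a longest-prefix-match walk over constructed routing tables for the three devices in the topology. The /24 masks, device names, and table contents are assumptions, and NAT exemption is not modelled.

```python
import copy
import ipaddress

# Constructed routing tables (prefix -> next hop). Masks and names are assumed.
TABLES = {
    "isa500": {"10.10.30.0/24": "vpn-client", "192.168.10.0/24": "lan-a",
               "192.168.20.0/24": "l3-switch"},
    "l3-switch": {"192.168.10.0/24": "lan-a", "192.168.20.0/24": "site-b-router",
                  "0.0.0.0/0": "isa500"},
    # Site B knows the two LANs but has no entry for the VPN pool.
    "site-b-router": {"192.168.20.0/24": "lan-b", "192.168.10.0/24": "l3-switch"},
}

def lookup(routes, dst):
    """Longest-prefix match: next hop for dst, or None when no route matches."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in routes.items():
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None

def trace(tables, start, dst, max_hops=8):
    """Follow next hops from device `start` toward dst; return the path taken."""
    path, device = [start], start
    while len(path) <= max_hops:
        hop = lookup(tables[device], dst)
        if hop is None:
            path.append("DROP (no route)")
            break
        path.append(hop)
        if hop not in tables:  # reached a network/endpoint, not a modelled router
            break
        device = hop
    return path

def with_return_route(tables):
    """Copy of the tables with a Site B route for the VPN pool added."""
    fixed = copy.deepcopy(tables)
    fixed["site-b-router"]["10.10.30.0/24"] = "l3-switch"
    return fixed

if __name__ == "__main__":
    print("forward :", trace(TABLES, "isa500", "192.168.20.10"))
    print("return  :", trace(TABLES, "site-b-router", "10.10.30.5"))
    print("fixed   :", trace(with_return_route(TABLES), "site-b-router", "10.10.30.5"))
```

The forward path reaches Site B while the reply has nowhere to go, which matches a VPN client that can send to 192.168.20.xx but never sees an answer.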
03-04-2014 11:28 AM
I have a feeling that the return traffic got dropped by the SA. Try to put in an ACL to allow traffic coming in.