03-03-2014 08:03 PM
Here is my topology:
VPN client (10.10.30.xx)-------------Cisco ISA500 Firewall-----------L3 Switch----------192.168.10.xx and static route to 192.168.20.xx (Site B through P2P T1 connection)
Here is the problem:
The client can connect to the IPsec VPN without any problems and is also able to access everything on the 192.168.10.xx network. However, the VPN client cannot access the 192.168.20.xx network. 192.168.20.xx is allowed in the VPN policy. Not sure if this is a NAT-related issue. When I do a traceroute from the VPN client PC, it makes it all the way through the firewall, then dies; I cannot ping it either. Please help.
03-04-2014 08:11 AM
On the other side of the connection, Site B, do you have an IP route for 10.10.30.xx pointing back to the other side of the point-to-point tunnel?
Also, are you NAT exempting 10.10.30.xx destined for 192.186.20.xx?
03-04-2014 11:28 AM
I have a feeling that return traffic got dropped by the SA. Try putting in an ACL to allow traffic coming in.