
Access Multiple Network Segments over VPN

daortego0923
Level 1

Our client has a 5510 with 5505 at three branch offices. I am able to access the 5510 through remote access VPN, but need to be able to run a Lansurveyor to maintain inventory on their network. I can only access the segment of the network that I VPN to. How can I access the other segments while connected to the 5510? Here's a summary. I can connect to 192.168.10.0/24 via remote access VPN, but also need to have access to 192.168.30.0/24, 192.168.40.0/24, and 192.168.50.0/24.

4 Replies

JORGE RODRIGUEZ
Level 10

You need to create an ACL on the ASA 5510 that you are VPNing into in order to permit the VPN network to access the other inside segments for 192.168.30.0, 40, and 50 respectively.

For example, if the VPN RA network on the ASA 5510 that assigns addresses to VPN clients is 192.168.10.0/24, create an ACL to permit the VPN net to the inside nets.

access-list inside_nat0_outbound extended permit ip 192.168.30.0 255.255.255.0 192.168.10.0 255.255.255.0

access-list inside_nat0_outbound extended permit ip 192.168.40.0 255.255.255.0 192.168.10.0 255.255.255.0

access-list inside_nat0_outbound extended permit ip 192.168.50.0 255.255.255.0 192.168.10.0 255.255.255.0

nat (inside) 0 access-list inside_nat0_outbound

HTH

Jorge

Jorge Rodriguez

I've entered your recommendations, but still no luck. Do I need to make changes to each ASA 5505 as well, or just the 5510?

Thanks

Hi Dillard, are the 192.168.30.0, and 192.168.40 and 50 behind the 5510 firewall? I thought so; if not, please confirm. Putting the Lansurveyor aside for a minute, when you VPN to the 5510 are you able to connect to any host on the 192.168.30, 40, 50 segments at all? Can you, from the other side 5510 firewall, see logs to find out if there are any NAT issues when trying to access those segments? Get this part straightened out first before moving on to the Lansurveyor part.

Rgds

-Jorge

Jorge Rodriguez

des
Level 1

I am in the same boat and the posted suggestion/solution doesn't appear to apply.

From behind the 5510 I can access everything at the branch offices. When I VPN into the 5510 I can only access what is on that network, nothing at any of the branch offices. I'd like to be able to VPN into the 5510 and be able to access each branch office's network.

Please advise, thanks!
