
Accessing internal LAN through remote access VPN, ASA 5510

Odessa Crump
Level 1

I have configured a remote access VPN for a business partner. Connectivity has been confirmed by the business partner. I have allowed access to 3 internal LAN subnets but the client can only ping 2 of 3 even though all 3 subnets are on the ACL list for the Group.

3 Replies

farhan_p2000
Level 1

Suggest the below:

- Check if the customer is seeing split tunneled networks properly.

Customer should see all the three subnets that you have allowed.

- If the traffic is passing another filtering device like a data center firewall, check the logs on this firewall.

It could be that the traffic is reaching your data center firewall (if at all there is one) but there is no response from the server in the third subnet.

- ICMP could be allowed to eliminate issues at layer 3.

Regards,

Farhan Patel

I believe they are, because the way I verified this is by installing the Cisco VPN client on my laptop, same as the business partner, and configuring it with the same connection parameters that they are using for the remote connection. After connecting, I open the VPN client and go to Status-Statistics, and under the routing details tab, in the secured networks section, I see all 3 subnets that are being allowed. Are you suggesting to look somewhere on the ASA FW itself?

I checked the ASA; all 3 subnets are showing there as well (see attached pic). FYI, part of the 3rd and all of the 4th octets have been concealed to protect the innocent.