12-09-2021 12:36 PM
Hello,
We have users connecting through the Cisco AnyConnect client to an ASA. Those users are getting an address in the 172.30.13.0/24 subnet, which is only for the VPN clients. The ASA is at 172.22.13.253, connected to a core switch at 172.22.13.254. There is a VPN to another site through a separate firewall (172.22.13.245) that we are trying to get through to ultimately talk to a server on a 10.10.0.0/24 network. The connected client does not seem to be able to send traffic over that VPN. We have tested while connected to the VPN client and we can ping through the core, but we cannot ping the 172.22.13.245 firewall, and of course since that’s where the site-to-site terminates we can't get over it. We have tried adding static routes to just about everything but the ASA itself.
12-09-2021 12:53 PM
Do you have a NAT exemption rule to ensure traffic from the RAVPN network is not unintentionally translated?
Can you provide your configuration?
Is the RAVPN network 172.30.13.0/24 defined in the crypto ACL that permits traffic over the VPN? This needs to be mirrored on the peer device as well.
Can you run the packet-tracer from the CLI - "packet-tracer input <outside int name> icmp 172.30.13.192 8 0 10.10.0.55" and provide the output.
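What a NAT exemption (identity NAT) rule for this traffic could look like on the ASA, followed by the checks requested above. This is an added example, not part of the original post or the poster's configuration. It assumes ASA 8.3+ NAT syntax and interfaces named `inside` and `outside`; the object names are hypothetical.

```cisco
! --- Configuration mode ---
! Assumed: interface names "inside"/"outside"; object names are hypothetical.
object network OBJ-RAVPN-POOL
 subnet 172.30.13.0 255.255.255.0
object network OBJ-REMOTE-SITE
 subnet 10.10.0.0 255.255.255.0
!
! Identity NAT: traffic between the remote-site network and the AnyConnect
! pool keeps its original source and destination addresses, so it still
! matches the 172.30.13.0/24 entry in the crypto ACL on the other firewall.
nat (inside,outside) source static OBJ-REMOTE-SITE OBJ-REMOTE-SITE destination static OBJ-RAVPN-POOL OBJ-RAVPN-POOL no-proxy-arp route-lookup
!
! --- Verification (exec mode) ---
! Confirm the rule is present and see its hit counters.
show nat detail
! Check which next hop the ASA itself has for 10.10.0.0/24.
show route
! Simulate an echo request from a VPN client address to the remote server;
! the NAT and ROUTE-LOOKUP phases show where the packet is translated or dropped.
packet-tracer input outside icmp 172.30.13.192 8 0 10.10.0.55
```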
12-09-2021 01:45 PM
@Rob Ingram Let me preface this by stating I inherited this network and it's a bit beyond my scope of knowledge.
1. Do you have a NAT exemption rule to ensure traffic from the RAVPN network is not unintentionally translated?
Not that I'm aware of.
2. Can you provide your configuration?
Is there a specific section you are wanting to see?
3. Is the RAVPN network 172.30.13.0/24 defined in the crypto ACL that permits traffic over the VPN? This needs to be mirrored on the peer device as well.
The other VPN goes through a different brand of firewall and it is defined in the tunnels, yes.
4. Can you run the packet-tracer from the CLI - "packet-tracer input <outside int name> icmp 172.30.13.192 8 0 10.10.0.55" and provide the output.
We are using the ASDM to configure the ASA. Would this be the Packet Capture Wizard?
12-19-2021 02:38 PM