Can't access other subnets using Cisco VPN client

vikas kumar
Level 1

Dear all,

We have servers protected by an ASA firewall.

The server IP range is 2.2.1.0/22. We use Cisco VPN (split tunneling) and the Cisco VPN client to manage the servers.

When we connect to the VPN we can only access the 2.2.1.0/24 range; the other ranges can't be accessed.

The route details in the Cisco VPN client show 2.2.1.0/22, but we can't access the other subnets (2.2.2.0 and 2.2.3.0).

Please help

Regards

vikas kumar

19 Replies

Vikas, try this. This host is between your supernet /22 connected directly on the ASA.

access-list VPN_NONAT extended permit ip  2.2.1.0 255.255.252.0  host 2.2.2.8

!

nat (INSIDE) 0 access-list VPN_NONAT

Good luck

If you feel comfortable, please send me the configuration by e-mail or private message.

Cheers

Fabio

Dear Fabio

I have sent the config by private message.

Thanks, with regards

vikas kumar

Maybe your split-tunnel ACL should be like this:

access-list VPN_splitTunnelAcl standard permit 2.2.0.0 255.255.252.0

Jitendra Siyag
Level 1

I would suggest using a different subnet for the VPN pool, and try using the packet-tracer command to check where it is being blocked in the firewall.

You can also paste the output of the command here for us to analyze, if required.

If you wish, you could post your NAT config and tunnel configuration here for us to read, and this way we might help you better.
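The ACL entries quoted in the replies above can be checked offline against the subnets the original poster wants to reach. The following Python sketch is an added example, not part of the thread or of any Cisco tool: it parses an ASA `access-list` line, applies each mask to its address, flags addresses that are not on the mask boundary (2.2.1.0 with 255.255.252.0 lies inside the block 2.2.0.0/22), and lists wanted subnets the entry does not cover. The function names and the `EXAMPLE_ACL` line are hypothetical.

```python
import ipaddress

# Subnets the original poster needs to reach over the VPN (from the thread).
WANTED = [ipaddress.ip_network(n) for n in ("2.2.1.0/24", "2.2.2.0/24", "2.2.3.0/24")]

def parse_specs(line):
    """Parse the address specs of one ASA 'access-list' line into
    (text, block, aligned) tuples. Handles 'host A', 'any' and 'A MASK';
    object-groups and port operators are out of scope for this sketch."""
    tok = line.split()
    if len(tok) < 5 or tok[0] != "access-list" or tok[2] not in ("standard", "extended"):
        raise ValueError("not a standard/extended access-list line")
    # standard: access-list NAME standard ACTION <addr>
    # extended: access-list NAME extended ACTION PROTO <src> <dst>
    i = 4 if tok[2] == "standard" else 5
    specs = []
    while i < len(tok):
        if tok[i] == "host":
            specs.append((f"host {tok[i + 1]}", ipaddress.ip_network(tok[i + 1]), True))
            i += 2
        elif tok[i] in ("any", "any4"):
            specs.append((tok[i], ipaddress.ip_network("0.0.0.0/0"), True))
            i += 1
        else:
            addr, mask = tok[i], tok[i + 1]
            # strict=False applies the mask, so 2.2.1.0/255.255.252.0 -> 2.2.0.0/22
            block = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            specs.append((f"{addr} {mask}", block, str(block.network_address) == addr))
            i += 2
    return specs

def audit(line, wanted=WANTED):
    """Report, per address spec, the CIDR block it denotes, whether the address
    sat on the mask boundary, and which wanted subnets fall outside the block."""
    return [{"spec": text, "block": str(block), "aligned": aligned,
             "missing": [str(w) for w in wanted if not w.subnet_of(block)]}
            for text, block, aligned in parse_specs(line)]

if __name__ == "__main__":
    lines = [
        # The two entries quoted in the replies above.
        "access-list VPN_NONAT extended permit ip  2.2.1.0 255.255.252.0  host 2.2.2.8",
        "access-list VPN_splitTunnelAcl standard permit 2.2.0.0 255.255.252.0",
        # Constructed entry (not from the thread): a /24 that covers only one subnet.
        "access-list EXAMPLE_ACL standard permit 2.2.1.0 255.255.255.0",
    ]
    for l in lines:
        for row in audit(l):
            print(row)
```

A non-empty `missing` list on the split-tunnel or NAT-exemption entry means that subnet is not matched by that line, which is the first thing to rule out before moving on to packet-tracer output.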
