02-11-2015 12:27 PM
Hello.
I'm facing this issue in which a PC connected to an ASA using Cisco VPN client can't reach most of the LAN behind the FW.
Attached, the network's diagram.
Any PC successfully connects, but it can reach only the printers. They can't reach any other device from the LAN, and vice versa.
The only way I could make it work was adding a route into one computer's routing table so that it reaches the LAN segment through the FW's LAN interface (although it already had that IP address as its default gateway, which apparently was "not working").
I set a capture on the FW, and without that route no packet reaches the ASA (access list on the LAN interface grants traffic).
I would appreciate any help you could provide.
Thanks in advance.
Regards.
02-18-2015 05:30 PM
Your diagram is not clear. Is the printer on the same network as the PCs? What do you get when you do a route print on the VPN client in both instances?
Thanks
John
02-20-2015 08:01 AM
Hello John:
When connecting the VPN client, the PC gets an IP address belonging to the same IP address pool (.90.98), so the answer is "yes". And what worries me is that I have two printers in the same LAN. The graphic shows only one of them. Both printers answer ping and are reachable, letting the PC user open their web interfaces. But I can't reach the rest of the subnet.
What the graphic doesn't show either is that there is a router, connected to an MPLS cloud. But there is no route in the router that makes the packet go through the MPLS link.
I thought that, given that the PC connected with the VPN client gets an IP from the same VLAN, nothing else would be necessary.
A temporary solution was adding to that router (which by the way is not the default gw for any device in that LAN) routes pointing to the ASA, so that devices in the LAN can reach the external PC (which wasn't necessary with the printers - they worked before adding those routes).
03-08-2015 08:35 AM
Have you resolved the issue?
09-17-2015 09:58 AM
What I finally did was change the IP address pool for VPN remote clients. Something with that caused problems. A new dedicated subnet worked.
Thank you very much, and sorry for not answering before.
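A check for the condition this thread ends on (a remote-access pool taken from the same subnet as the LAN), as an added example that is not part of any post: it parses `nameif`/`ip address` and `ip local pool` lines from an ASA-style configuration and reports pools that overlap a directly connected subnet. The sample configuration, its addresses and the pool names are constructed.

```python
import ipaddress
import re

# Constructed sample ASA-style configuration (addresses and names are made up).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.252
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.10.90.1 255.255.255.0
ip local pool VPN-SHARED 10.10.90.90-10.10.90.98 mask 255.255.255.0
ip local pool VPN-DEDICATED 10.10.250.1-10.10.250.50 mask 255.255.255.0
"""

IFACE_RE = re.compile(
    r"^\s*nameif (\S+)\s*\n\s*(?:security-level \d+\s*\n\s*)?"
    r"ip address (\S+) (\S+)", re.M)
POOL_RE = re.compile(r"^ip local pool (\S+) (\S+?)(?:-(\S+))?(?: mask (\S+))?\s*$", re.M)

def interface_networks(config):
    """Map nameif -> directly connected IPv4 network."""
    return {name: ipaddress.ip_interface(f"{ip}/{mask}").network
            for name, ip, mask in IFACE_RE.findall(config)}

def pool_ranges(config):
    """Map pool name -> (first, last); a single-address pool has first == last."""
    pools = {}
    for name, first, last, _mask in POOL_RE.findall(config):
        pools[name] = (ipaddress.ip_address(first), ipaddress.ip_address(last or first))
    return pools

def overlapping_pools(config):
    """Return sorted (pool, interface) pairs where the pool overlaps a connected subnet."""
    nets = interface_networks(config)
    hits = []
    for pool, (lo, hi) in pool_ranges(config).items():
        for ifname, net in nets.items():
            # Two ranges overlap when each one starts before the other ends.
            if lo <= net.broadcast_address and hi >= net.network_address:
                hits.append((pool, ifname))
    return sorted(hits)

if __name__ == "__main__":
    for pool, ifname in overlapping_pools(SAMPLE_CONFIG):
        print(f"pool {pool} overlaps the subnet on interface {ifname}")
```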