Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
630
Views
0
Helpful
3
Replies

Cisco VPN routing issue

scott.bridges
Level 1
Level 1

‎02-21-2014 07:29 AM

Hello,

I am currently away in a hotel and have setup both a Full tunnel profile and a Split tunnel profile on my home ASA.  The tunneling works fine for browsing, but when I try to access one of my machines at home, no luck.

I'm sure I'm missing something obvious somewhere, but I'm not an ASA guru.

10.1.8.0/24 is my home network

10.1.9.0 is the VPN pool I assign to VPN users (Full or Split).       

Relevant config:

ip local pool vpnPool 10.1.9.200-10.1.9.220 mask 255.255.255.0

same-security-traffic permit intra-interface

object network obj_any

subnet 0.0.0.0 0.0.0.0

object network vpn-subnet

subnet 10.1.9.0 255.255.255.0

object network synthetiqLAN-8

subnet 10.1.8.0 255.255.255.0

object network synthetiqLAN-9

subnet 10.1.9.0 255.255.255.0

object-group network synthetiqNets

network-object 10.1.8.0 255.255.255.0

network-object 10.1.9.0 255.255.255.0

access-list groupSplitTunnelACL standard permit 10.1.8.0 255.255.255.0

nat (inside,outside) source static synthetiqLAN-8 synthetiqLAN-8 destination static vpn-subnet vpn-subnet

nat (inside,outside) source static synthetiqLAN-8 synthetiqLAN-8 destination static synthetiqLAN-9 synthetiqLAN-9 no-proxy-arp route-lookup

object network obj_any

nat (inside,outside) dynamic interface

Let me know if I need to include the crypto portion or the attributes portion.

Again, I am currently remote with a 10.1.9.xx address and I'm trying to access a PC on the 10.1.8.xx subnet.  No luck.

Any help would be greatly appreciated.

Thanks!


Labels:
0 Helpful
3 Replies 3

Itzcoatl Espinosa
Cisco Employee
Cisco Employee

‎02-21-2014 08:57 AM

Hi Scott,

Could you please include the following commands

show run route

show route

show crypto ipsec sa

show run crypto

regards

Itzcoatl

0 Helpful

scott.bridges
Level 1
Level 1
In response to Itzcoatl Espinosa

‎02-21-2014 07:17 PM

Requested info here (sorry, not seeing how to upload a txt file)


Thanks!

0 Helpful

Itzcoatl Espinosa
Cisco Employee
Cisco Employee
In response to scott.bridges

‎02-24-2014 06:43 AM

Hello Scott,

I was able to check the configuration , it looks fine, we have a route installed to the vpn client and also we have encap and decap packets on the vpn.

If you are still not able to reach your internal network, maybe it will be needed to run captures on the inside interface of the ASA.

regards,

Itzcoatl

0 Helpful
Customers Also Viewed These Support Documents