09-22-2014 05:59 AM
Dear,
We are using a Cisco ASA 5510 and we provide VPN access to external users through Cisco AnyConnect. When users get connected they can access only one subnet. How can we enable a route to another subnet in the CLI or ASDM?
Thanks & Regards,
09-25-2014 01:15 AM
Hi,
It seems to me that you at least don't have a NAT0 configuration for the traffic between this LAN subnet and the VPN pool.
This is your current NAT0 configuration ACL:
access-list nonat extended permit ip 172.16.0.0 255.255.254.0 172.16.2.0 255.255.255.0
access-list nonat extended permit ip 172.16.0.0 255.255.0.0 172.16.0.0 255.255.0.0
access-list nonat extended permit ip 172.16.0.0 255.255.0.0 host 10.212.61.32
access-list nonat extended permit ip 172.16.0.0 255.255.0.0 172.16.0.192 255.255.255.192
access-list nonat extended permit ip 172.16.0.0 255.255.254.0 10.1.12.0 255.255.255.0
access-list nonat extended permit ip 10.1.12.0 255.255.255.0 10.1.12.0 255.255.255.0
access-list nonat extended permit ip 172.16.0.0 255.255.0.0 10.1.12.0 255.255.255.0
Your VPN pool seems to be 172.16.240.0/24, so you would need to add the following ACL line:
access-list nonat extended permit ip 10.1.12.0 255.255.255.0 172.16.240.0 255.255.255.0
Hope this helps :)
- Jouni
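The reasoning in the answer above (the 172.16.0.0/16 LAN is already exempt via the second ACL entry, 10.1.12.0/24 is not) can be checked mechanically rather than by eye. The script below is an added example, not code from the thread or from Cisco: it parses the posted `nonat` ACL, then asks, for each LAN subnet, whether a `permit` entry fully covers traffic from that subnet to the VPN pool under the ASA's first-match evaluation. It assumes the pre-8.3 NAT-exemption form (`nat (inside) 0 access-list nonat`, where the ACL source is the inside network and the destination is the remote pool), handles `host` and `any` in addition to the network/netmask form seen in the thread, and uses the pool 172.16.240.0/24 named in the answer. The ACL text and the proposed fix line are embedded as constructed sample input.

```python
"""Check whether an ASA NAT-exemption ("nat 0") ACL covers LAN <-> VPN-pool traffic.

Added example for the thread above, not Cisco code. Assumes the pre-8.3 syntax
'nat (inside) 0 access-list <name>', where each ACL entry is written as
'permit ip <inside-net> <remote-net>' and the ASA evaluates entries first-match.
"""
import ipaddress
import re
from typing import List, NamedTuple, Optional

# The ACL as posted in the thread, one entry per line (constructed sample input).
NONAT_ACL = """\
access-list nonat extended permit ip 172.16.0.0 255.255.254.0 172.16.2.0 255.255.255.0
access-list nonat extended permit ip 172.16.0.0 255.255.0.0 172.16.0.0 255.255.0.0
access-list nonat extended permit ip 172.16.0.0 255.255.0.0 host 10.212.61.32
access-list nonat extended permit ip 172.16.0.0 255.255.0.0 172.16.0.192 255.255.255.192
access-list nonat extended permit ip 172.16.0.0 255.255.254.0 10.1.12.0 255.255.255.0
access-list nonat extended permit ip 10.1.12.0 255.255.255.0 10.1.12.0 255.255.255.0
access-list nonat extended permit ip 172.16.0.0 255.255.0.0 10.1.12.0 255.255.255.0
"""

# The entry the answer proposes adding for the second LAN subnet.
FIX_LINE = "access-list nonat extended permit ip 10.1.12.0 255.255.255.0 172.16.240.0 255.255.255.0"

# VPN address pool named in the answer (assumed /24).
VPN_POOL = ipaddress.ip_network("172.16.240.0/24")


class AclEntry(NamedTuple):
    line: str
    action: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network


_ENTRY_RE = re.compile(r"^access-list\s+(\S+)\s+extended\s+(permit|deny)\s+ip\s+(.+)$")


def _take_addr(tokens: List[str], i: int):
    """Consume one ASA address spec starting at tokens[i]; return (network, next index)."""
    tok = tokens[i]
    if tok == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tok == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2
    # 'network netmask' pair; ASA extended ACLs use subnet masks, not wildcard masks.
    return ipaddress.ip_network(f"{tok}/{tokens[i + 1]}", strict=False), i + 2


def parse_acl(text: str, name: str) -> List[AclEntry]:
    """Return the 'ip' entries of ACL <name> in configuration order."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = _ENTRY_RE.match(line)
        if not m or m.group(1) != name:
            continue  # remarks, other ACLs and non-'ip' entries are ignored
        tokens = m.group(3).split()
        src, i = _take_addr(tokens, 0)
        dst, _ = _take_addr(tokens, i)
        entries.append(AclEntry(line, m.group(2), src, dst))
    return entries


def covering_entry(entries: List[AclEntry], lan: ipaddress.IPv4Network,
                   pool: ipaddress.IPv4Network) -> Optional[AclEntry]:
    """First entry whose source contains the whole LAN and whose destination
    contains the whole pool, or None. Partial overlaps are deliberately not
    counted as coverage: a partially matching exemption means some hosts get
    translated and some do not, which is exactly the kind of bug to surface."""
    for e in entries:
        if lan.subnet_of(e.src) and pool.subnet_of(e.dst):
            return e
    return None


def check_coverage(acl_text: str, acl_name: str, lan_subnets: List[str],
                   pool: ipaddress.IPv4Network) -> dict:
    """Map each LAN subnet to the ACL line that exempts LAN->pool traffic, or None.
    A first-matching 'deny' counts as not exempt."""
    entries = parse_acl(acl_text, acl_name)
    result = {}
    for lan in lan_subnets:
        e = covering_entry(entries, ipaddress.ip_network(lan), pool)
        result[lan] = e.line if e is not None and e.action == "permit" else None
    return result


if __name__ == "__main__":
    lans = ["172.16.0.0/16", "10.1.12.0/24"]
    for label, acl in (("before fix", NONAT_ACL), ("after fix", NONAT_ACL + FIX_LINE + "\n")):
        print(f"== {label} ==")
        for lan, line in check_coverage(acl, "nonat", lans, VPN_POOL).items():
            print(f"{lan:16} -> {line or 'NOT EXEMPT from NAT (add a nat 0 entry)'}")
```

Running it reports 172.16.0.0/16 as exempt via the `172.16.0.0 255.255.0.0 172.16.0.0 255.255.0.0` entry both before and after, and 10.1.12.0/24 as not exempt until the proposed line is present. On ASA 8.3 and later the equivalent configuration is a twice NAT rule (`nat (inside,outside) source static ... destination static ...`) rather than a `nat 0` ACL, so the same check would have to be run against `show nat` output instead of an access-list.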
09-22-2014 06:13 AM
Hi,
This might have nothing to do with actual routing, but with your VPN configuration.
At the moment you have not provided enough information for us to give you a specific answer. It would be best if you could describe what kind of network you have between the LAN subnets and the VPN device. Do all the LAN subnets, for example, have a route towards the VPN device for the VPN pool used?
There are 2 main things to look at when you have a VPN client connection and connections to some subnets are not working.
Then there are some more uncommon settings that might cause problems. If, for example, you are using a VPN Filter ACL, you need to allow the traffic in that ACL. Or if you are using the global setting "no sysopt connection permit-vpn", you have to allow the required traffic in the ACL of the interface to which the user connects with the VPN client.
So, as I said, we need more information to help you, or perhaps the above points might help you find the problem in the configuration.
Hope this helps :)
- Jouni
09-23-2014 11:40 PM
09-25-2014 01:31 AM
Thanks Jouni, it works...