04-28-2008 01:20 PM
I have a 4506 doing my inter-VLAN routing. I have several VLANs. That 4506 is connected to an ASA5520. I have a vendor that is trying to VPN into the network. He can get connected via VPN, and the ASA gives him an IP from the address pool. He just can't hit his server, which is on a different VLAN. Further troubleshooting shows that I can't hit any other VLANs except the VLAN I have the pool assigned to. Any suggestions?
04-28-2008 05:07 PM
Can you post the config, or double-check whether you have NAT exempt ACLs permitting the VPN pool subnet to the local subnets? I assume the ASA can reach the internal subnets in the 4500.
For example, assume two of your inside subnets in the 4500 switch are 10.30.30.0/24 and 10.40.40.0/24, and your VPN pool network is 192.168.1.0/24.
In this example the ACL should be as follows.
access-list inside_nat0_outbound extended permit ip 10.30.30.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.40.40.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
Regards
Jorge
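As an added example (not part of the original posts and not Cisco tooling): a small Python check that reads ASA configuration text in the `nat (inside) 0 access-list` style used above and lists the inside subnets that have no NAT-exempt entry toward the VPN pool. It assumes plain network/mask ACEs only (no `host`, `any` or object-groups); the function names and the 10.50.50.0/24 subnet are made up for illustration.

```python
import ipaddress
import re

# Constructed sample config, using the subnets from the reply above.
SAMPLE_CONFIG = """\
access-list inside_nat0_outbound extended permit ip 10.30.30.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.40.40.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
"""

ACE_RE = re.compile(
    r"^access-list\s+(\S+)\s+extended\s+permit\s+ip\s+"
    r"(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+"
    r"(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s*$")
NAT0_RE = re.compile(r"^nat\s+\((\S+)\)\s+0\s+access-list\s+(\S+)\s*$")


def nat_exempt_pairs(config, interface="inside"):
    """Return (source, destination) networks exempted from NAT on `interface`."""
    aces, bound = {}, set()
    for line in config.splitlines():
        line = line.strip()
        m = ACE_RE.match(line)
        if m:
            name, src, smask, dst, dmask = m.groups()
            aces.setdefault(name, []).append(
                (ipaddress.ip_network(f"{src}/{smask}"),
                 ipaddress.ip_network(f"{dst}/{dmask}")))
            continue
        m = NAT0_RE.match(line)
        if m and m.group(1) == interface:
            bound.add(m.group(2))  # only ACLs bound by "nat (<if>) 0" count
    return [pair for name in bound for pair in aces.get(name, [])]


def missing_exemptions(config, inside_subnets, vpn_pool, interface="inside"):
    """List inside subnets with no NAT-exempt entry covering traffic to the VPN pool."""
    pool = ipaddress.ip_network(vpn_pool)
    pairs = nat_exempt_pairs(config, interface)
    return [str(n) for n in map(ipaddress.ip_network, inside_subnets)
            if not any(n.subnet_of(s) and pool.subnet_of(d) for s, d in pairs)]


if __name__ == "__main__":
    vlans = ["10.30.30.0/24", "10.40.40.0/24", "10.50.50.0/24"]  # last one is constructed
    print(missing_exemptions(SAMPLE_CONFIG, vlans, "192.168.1.0/24"))
```

An ACL that exists but is not bound by a `nat (inside) 0` line is treated as providing no exemption, so every subnet is reported in that case.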
04-29-2008 03:31 AM
Excellent. No need to post config. I got it. Thanks for your help.
04-29-2008 12:35 PM
Michael, post an update on whether you still have the problem.
Bst Rgds
Jorge