We have an ASA for our IPSec VPN service that has been up and running for some time. We ran into an issue at a trade show this week in which we could connect to our VPN using the trade show wifi but could not access anything behind our firewall (computers, servers, etc.), yet when simply tethered to a cell phone and using the VPN, we could then access what we needed.
I suspect some sort of conflict with the local trade show wifi subnet and our internal subnet behind the firewall, although both connections are using NAT.
The trade show DHCP is handing out 172.16.0.0/16 addresses and the subnet we're trying to access behind the VPN is 172.16.128.0/22. VPN connections are assigned addresses from a separate pool (10.4.99.0/24).
When using the wifi and VPN I am able to connect, and ping the gateway interface of the ASA, but nothing beyond. When using cellular and VPN I am able to ping the gateway and pass traffic to services behind it.
Any thoughts on how this might be resolved? We have not run into this before and the VPN has been in use for several years.
I often have this conflict. Check if you have a default route on the PC when you are on the wifi that goes through the gateway of the local router. Add a more specific route to go through the gateway of your VPN adapter, e.g. route add .....
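The overlap discussed in this thread, modelled as an added example (not code from either poster): a longest-prefix-match lookup over a constructed client routing table, using the subnets given in the question. The full-tunnel route layout, interface names, metrics and the tethering subnet are assumptions made for illustration.

```python
import ipaddress

# Subnets taken from the question.
WIFI_LAN = ipaddress.ip_network("172.16.0.0/16")    # trade show DHCP range
CORP_LAN = ipaddress.ip_network("172.16.128.0/22")  # subnet behind the ASA
VPN_POOL = ipaddress.ip_network("10.4.99.0/24")     # VPN client address pool
# Constructed value: a typical phone-tethering subnet (assumption).
CELL_LAN = ipaddress.ip_network("192.168.43.0/24")


def client_routes(local_net, local_iface):
    """Assumed full-tunnel client table: (network, interface, metric)."""
    return [
        (ipaddress.ip_network("0.0.0.0/0"), "vpn", 1),  # default via tunnel
        (local_net, local_iface, 25),                   # on-link local subnet
        (VPN_POOL, "vpn", 1),
    ]


def lookup(routes, dest):
    """Pick the outgoing interface: longest prefix wins, lower metric breaks ties."""
    dest = ipaddress.ip_address(dest)
    candidates = [r for r in routes if dest in r[0]]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r[0].prefixlen, -r[2]))[1]


def shadowed(routes, remote_net, local_iface):
    """True if the first or last host of remote_net leaves via the local interface."""
    first = next(remote_net.hosts())
    last = remote_net.broadcast_address - 1
    return any(lookup(routes, h) == local_iface for h in (first, last))


def with_specific_route(routes):
    """Same table plus a /22 route for the corporate subnet via the VPN adapter."""
    return routes + [(CORP_LAN, "vpn", 1)]


if __name__ == "__main__":
    host = "172.16.128.10"  # constructed host inside CORP_LAN
    wifi = client_routes(WIFI_LAN, "wifi")
    cell = client_routes(CELL_LAN, "cell")
    print("contained in wifi LAN:", CORP_LAN.subnet_of(WIFI_LAN))
    print("on wifi      ->", lookup(wifi, host))
    print("on cellular  ->", lookup(cell, host))
    print("wifi + /22   ->", lookup(with_specific_route(wifi), host))
```

In this model the on-link /16 is more specific than the tunnel's default route, so corporate addresses are sent to the local wifi segment; the /22 entry is more specific still and returns them to the tunnel.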