
LAN connectivity via Remote VPN

spencermoore
Level 1

Hello all. I've configured a remote VPN using a 5505 ASA, but am unable to connect in any fashion to the internal network. I am currently utilizing split tunnel and am able to access the internet with no issue. I have assigned my VPN pool a 192.168.x.x address and local resources use a 10.50.x.x network. What have I missed? 

 

Thanks for your help.


Accepted Solutions

You don't make the VPN pool a separate Layer 3 VLAN interface on either the switch or the ASA. That subnet is a set of addresses that's reached via the ASA's inside address.

Your core switch must route to it via the ASA inside interface. The core switch should also have "ip routing" active.


Marvin Rhoads
Hall of Fame

Does your internal network know to route traffic to the 192.168.x.x VPN pool back to the ASA?

(7.2(4) - that's some OLD code!)

"If it ain't broke"....oh wait...

 

I went ahead and configured another VLAN as shown below. I created VLAN3, added an Ethernet interface to it, then attached it to our switch as an access port on our 192.168.223 VLAN. Am I heading in the right direction? I'm still not able to get connectivity from the 10.50 to the 192.168.223 VLAN.

 

interface Vlan1
 nameif inside
 security-level 100
 ip address 10.50.20.252 255.255.0.0
 ospf cost 10
!
interface Vlan2
 no forward interface Vlan1
 nameif outside
 security-level 0
 ip address 74.x.x.x 255.255.255.224
 ospf cost 10
!
interface Vlan3
 no nameif
 security-level 100
 ip address 192.168.223.253 255.255.255.0
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
 switchport access vlan 3
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
 switchport access vlan 3

 

I asked earlier: does the gateway for the internal (10.50.x.x) network have a route to the VPN pool (or have the ASA as the default gateway)?

That is required. It would also be required for the new subnet you just defined.

I was able to resolve this issue by scrapping VLAN 3 on the ASA and in my switch environment. I then added a route to my switch as follows: "ip route 192.168.223.0 255.255.255.0 10.50.20.252". This resolved the issue.
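
The return-path requirement discussed in this thread, as an added example that is not part of the original posts: a Python check that parses `ip route` lines from a core-switch config and uses longest-prefix match to confirm that every VPN pool address is routed to the ASA inside address. The pool 192.168.223.0/24 and next hop 10.50.20.252 come from the thread; the default gateway 10.50.0.1 and both sample configs are constructed assumptions.

```python
import ipaddress

ASA_INSIDE = ipaddress.ip_address("10.50.20.252")    # ASA inside address (from the thread)
VPN_POOL = ipaddress.ip_network("192.168.223.0/24")  # VPN pool (from the thread's static route)

# Constructed core-switch configs; the default gateway 10.50.0.1 is an assumption.
BEFORE = "ip routing\nip route 0.0.0.0 0.0.0.0 10.50.0.1\n"
AFTER = BEFORE + "ip route 192.168.223.0 255.255.255.0 10.50.20.252\n"


def ip_routing_enabled(config):
    """True if the config contains a bare 'ip routing' line (not 'no ip routing')."""
    return any(line.strip() == "ip routing" for line in config.splitlines())


def parse_routes(config):
    """Turn 'ip route <net> <mask> <next-hop>' lines into (network, next_hop) pairs."""
    routes = []
    for line in config.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[:2] == ["ip", "route"]:
            network = ipaddress.ip_network(f"{parts[2]}/{parts[3]}")
            routes.append((network, ipaddress.ip_address(parts[4])))
    return routes


def next_hop(routes, dest):
    """Longest-prefix match: next hop of the most specific route covering dest."""
    dest = ipaddress.ip_address(dest)
    matches = [(net, hop) for net, hop in routes if dest in net]
    if not matches:
        return None
    return max(matches, key=lambda r: r[0].prefixlen)[1]


def pool_return_path_ok(config, pool=VPN_POOL, asa=ASA_INSIDE):
    """True only if routing is on and every pool address is routed to the ASA inside."""
    routes = parse_routes(config)
    return ip_routing_enabled(config) and all(next_hop(routes, a) == asa for a in pool)


if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        hop = next_hop(parse_routes(cfg), "192.168.223.10")
        print(f"{name}: 192.168.223.10 -> {hop}, pool OK: {pool_return_path_ok(cfg)}")
```

With only a default route, replies to VPN clients follow the default gateway instead of the ASA, which matches the symptom in the original question: the tunnel is up and internet access works, but nothing on the LAN is reachable.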

 
