01-13-2015 06:45 PM
Hello all. I've configured a remote VPN using a 5505 ASA, but am unable to connect in any fashion to the internal network. I am currently utilizing split tunnel and am able to access the internet with no issue. I have assigned my VPN pool a 192.168.x.x address and local resources use a 10.50.x.x network. What have I missed?
Thanks for your help.
01-13-2015 07:34 PM
Does your internal network know to route traffic to the 192.168.x.x VPN pool back to the ASA?
(7.2(4) - that's some OLD code!)
01-13-2015 09:06 PM
"If it ain't broke"....oh wait...
I went ahead and configured another VLAN as shown below. I created VLAN3, added an Ethernet interface to it, then attached it to our switch as an access port on our 192.168.223 VLAN. Am I heading in the right direction? I'm still not able to get connectivity from the 10.50 to 192.168.223 VLAN.
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.50.20.252 255.255.0.0
 ospf cost 10
!
interface Vlan2
 no forward interface Vlan1
 nameif outside
 security-level 0
 ip address 74.x.x.x 255.255.255.224
 ospf cost 10
!
interface Vlan3
 no nameif
 security-level 100
 ip address 192.168.223.253 255.255.255.0
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
 switchport access vlan 3
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
 switchport access vlan 3
01-13-2015 09:21 PM
I asked earlier does the gateway for the internal (10.50.x.x) network have a route to the VPN pool (or have the ASA as the default gateway)?
That is required. It would also be required for the new subnet you just defined.
01-14-2015 11:46 AM
I was able to resolve this issue by scrapping VLAN 3 on the ASA and in my switch environment. I then added a route to my switch as follows: "ip route 192.168.223.0 255.255.255.0 10.50.20.252". This resolved the issue.
01-14-2015 11:51 AM
You don't make the VPN pool a separate Layer 3 VLAN interface on either the switch or the ASA. That subnet is a set of addresses that's reached via the ASA's inside address.
Your core switch must route to it via the ASA inside interface. The core switch should also have "ip routing" active.