05-02-2010 10:21 PM
Dear All,
I have successfully configured an L2TP VPN on an ASA 5510 with the 8.0(4) version of IOS.
When I connect using this VPN, my internet doesn't work. Even if I give a proxy or DNS, or I remove the proxy, it doesn't work. I can only access the resources behind the firewall. I am using an extended access-list; I tried with a standard access-list also.
Kindly suggest what the mistake could be.
Thanks
Jv
05-03-2010 05:18 AM
I think I should add 192.168.0.0/16.
05-03-2010 05:22 AM
No, what I mean is change the IP pool mask from /24 to /16 on the ASA as follows:
ip local pool
05-03-2010 05:24 AM
Yes, I got your point, but what difference will it make?
Regards,
05-03-2010 05:48 AM
halijenn,
Once I configure the NAT exempt in the firewall, it will automatically convert it to 192.168.0.0/16.
Actually, I want this solution for Mac basically, but I thought if I can solve it first on Windows it will be easy for Mac.
I don't think it is possible for Windows too.
After connecting the L2TP VPN I can see 2 default routes, one pointing to the VPN gateway and one pointing to the original machine gateway with an increased metric.
Regards
Jvalin
05-03-2010 05:54 AM
If you change the mask to /16, it would appear as 192.168.0.0 once you are connected, and that route should point towards the VPN gateway. If you uncheck the "Use default gateway on remote network" option, then the default gateway would be your original machine gateway.
So because 192.168.0.0/16 points towards the VPN gateway, when you try to access your corporate internal networks, which are in the 192.168.x.x/24 subnet range, it will be routed towards the VPN gateway. For everything else, it would route towards the original machine gateway.
With this solution, you don't even have to add any routes on the client pc.
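
The route selection described in this thread, modelled as an added example (not posted by any participant and not Cisco or Windows code). All addresses, gateways and metrics are constructed, and the way the client derives its tunnel route from the pool mask is assumed from the reply above.

```python
import ipaddress

# All addresses below are constructed for illustration.
LOCAL_GW = "10.0.0.1"        # client's original (home/office) gateway
VPN_GW = "192.168.50.1"      # gateway reached through the L2TP tunnel
POOL_ADDR = "192.168.50.10"  # address handed out from the ASA ip local pool


def route(net, gw, metric):
    return {"net": ipaddress.ip_network(net), "gw": gw, "metric": metric}


def client_table(use_remote_default_gw, pool_mask_len):
    """Model the client's routing table once the tunnel is up."""
    if use_remote_default_gw:
        # Two default routes: the VPN one wins, the original has its metric raised.
        return [route("0.0.0.0/0", VPN_GW, 10), route("0.0.0.0/0", LOCAL_GW, 4000)]
    # Option unchecked: the original default route stays, and the tunnel
    # only gets the network derived from the assigned address and pool mask
    # (assumed behaviour, following the reply above).
    pool_net = ipaddress.ip_network(f"{POOL_ADDR}/{pool_mask_len}", strict=False)
    return [route("0.0.0.0/0", LOCAL_GW, 10), route(str(pool_net), VPN_GW, 10)]


def next_hop(table, dest):
    """Longest-prefix match first, lowest metric as the tie-breaker."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in table if addr in r["net"]]
    if not matches:
        return None
    best = min(matches, key=lambda r: (-r["net"].prefixlen, r["metric"]))
    return best["gw"]


def summarize(table):
    """Next hop for one Internet host and one corporate host (both constructed)."""
    return {"internet": next_hop(table, "203.0.113.10"),
            "corporate": next_hop(table, "192.168.10.20")}


if __name__ == "__main__":
    for label, tbl in [("full tunnel", client_table(True, 24)),
                       ("split, /24 pool mask", client_table(False, 24)),
                       ("split, /16 pool mask", client_table(False, 16))]:
        print(label, summarize(tbl))
```

The full-tunnel row matches the original symptom: Internet traffic is sent into the tunnel. With the option unchecked, only the /16 mask keeps corporate subnets outside the pool's own /24 on the tunnel side.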