NO CONNECTIVITY TO SOME INTERNAL NETWORKS THROUGH ANYCONNECT REMOTE VPN CONNECTION

isaaco001
Level 3

Dear Community,

 

I have an issue with reaching networks connected to my core switch through the remote VPN connection of a remote user (please see topology attached). The VPN configuration is on the DC firewall and NATing for "internet" is done on the perimeter firewall.

 

How come I can reach networks (192.168.1.0/24) connected on the DC firewall but not the core switch (192.168.100.0/24)? Please assist. Thanks

17 Replies

Can't access 192.168.1.0/24 from where? When connected to the VPN or from the core switch? How exactly are you testing, from which source IP to which destination IP?

Rob,

There are no issues now; the routing works well end to end as expected.

You mentioned that it's not a good idea to route unencrypted traffic to the core switch. Kindly elaborate more on this and a better design, thanks!

Looking forward to your reply.

Regards,
Isaac.

Good to hear.

Not unencrypted, but untrusted. You are essentially allowing the internet to route through the perimeter firewall, through the core switch to the outside interface of the DC firewall to terminate the RAVPN. Yes, it's encrypted, but it's still not a good idea; normally you'd terminate a VPN on the perimeter of the network.

 

Re-configure the perimeter firewall to run RAVPN, and just use the DC firewall to firewall traffic inside the network.
