No traffic to split tunnel

cisco
Level 1

Hello all,

I suspect a firewall/NAT problem with the VPN. I have been googling for a similar problem, but nothing really popped up.

There are incoming ACL rules on interface Gi0/1.254 but as it monitors incoming traffic only I consider them not important for my problem.

The VPN connection establishes; however, only the traffic to 10.6.0.0/24 is permitted, and there is no traffic to 10.10.254.0/24.

Here are the (what I consider important) ASA rules:

access-list VPN-ACL-vpntest extended permit ip 10.6.2.0 255.255.255.0 any
access-list tunnelLIST-vpntest extended permit ip 10.10.254.0 255.255.255.0 any
access-list tunnelLIST-vpntest extended permit ip 10.6.0.0 255.255.255.0 any

ip local pool vpntestpool 10.6.2.2-10.6.2.254 mask 255.255.255.0

group-policy vpntest internal
group-policy vpntest attributes
 vpn-filter value VPN-ACL-vpntest
 vpn-tunnel-protocol ikev1
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value tunnelLIST-vpntest
 address-pools value vpntestpool

tunnel-group vpntest type remote-access
tunnel-group vpntest general-attributes
 address-pool vpntestpool
 default-group-policy vpntest
tunnel-group vpntest ipsec-attributes
 ikev1 pre-shared-key *

interface GigabitEthernet0/1.254
 vlan 254
 nameif test-lan
 security-level 50
 ip address 10.10.254.1 255.255.255.0
!
object network test-lan-server
 host 10.10.254.2
 description test-server
 nat (test-lan-server,any) static a.b.c.d

interface GigabitEthernet0/2.6
 vlan 6
 nameif management
 security-level 90
 ip address 10.6.0.254 255.255.255.0
!

Have tried with intercept-dhcp option but there is no difference.

What baffles me is that this configuration was copied from a working VPN, and I have checked many times that it is identical.

Routes in the VPN client are as they are supposed to be: both networks are listed under secured routes.

Any hints on what else might I have forgotten, or what should I try next?

Thanks.
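A check that narrows this kind of problem down, added here as an example and not part of the original post: simulate the flow in both directions with packet-tracer and inspect the NAT table. It assumes the outer interface is named outside (the post only shows test-lan and management), and uses 10.6.2.10 as a sample address from the vpntestpool range, TCP/22 as a sample service and 12345 as a sample client port.

```cisco
! Forward direction: decrypted VPN traffic enters on the outside interface
! with the client's pool address as source. The NAT and ACCESS-LIST phases
! should both report ALLOW for this to work at all.
packet-tracer input outside tcp 10.6.2.10 12345 10.10.254.2 22 detailed

! Return direction: the server's reply to the VPN client. Watch the NAT phase:
! if the static object NAT on test-lan-server matches here, the source is
! rewritten to a.b.c.d and the client never sees a reply from 10.10.254.2.
packet-tracer input test-lan tcp 10.10.254.2 22 10.6.2.10 12345 detailed

! Rule order and hit counts. Section 1 (manual/twice NAT) is evaluated before
! Section 2 (object NAT), so an identity rule for the VPN traffic has to live
! in Section 1 to win over the static mapping.
show nat detail

! Confirm that VPN traffic bypasses the interface ACLs (permit-vpn) and see
! every sysopt value, including the defaults that "show run" hides.
show run all sysopt
```

If the second packet-tracer shows the reply being translated to a.b.c.d, the static NAT is the cause and a NAT exemption for the pool is the fix; if the NAT phase is clean, look at the VPN filter and the split-tunnel list next.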


Riyasat Ali
Level 1

Do you see sysopt connection permit-vpn when you run sh run all sysopt?

And what NAT is configured for this traffic?

Sent from Cisco Technical Support iPhone App

Yes I see a:

sysopt connection permit-vpn

and also:

no sysopt noproxyarp test-lan-server

Your post got me thinking, and as soon as I disabled the NAT:

no nat static a.b.c.d

the VPN connection went through.

The problem was resolved by adding a NAT exemption:

object network vpnpool
 subnet
 exit
nat (inside,outside) source static any any destination static vpnpool vpnpool

Thank you for the assistance.
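The same exemption written out against the names used in this thread, added here as an example rather than the poster's exact commands: an identity (twice) NAT rule in Section 1 that exempts traffic between the test-lan subnet and the VPN pool from the static object NAT, followed by the check. It is narrower than the "any any" rule in the post, matching only the two real subnets. It assumes the outer interface is named outside and introduces two object names, test-lan-net and vpntestpool-net, that do not appear in the thread; the pool subnet 10.6.2.0/24 is taken from the post's ip local pool line, and the existing static NAT on test-lan-server is left in place for Internet traffic.

```cisco
! Objects for the two real-address ranges involved (object names are assumed)
object network test-lan-net
 subnet 10.10.254.0 255.255.255.0
object network vpntestpool-net
 subnet 10.6.2.0 255.255.255.0

! Section 1 (manual) NAT is evaluated before the Section 2 object NAT on
! test-lan-server, so this identity rule takes precedence for VPN flows.
! Real == mapped on both sides, i.e. no translation in either direction.
! no-proxy-arp: do not answer ARP for 10.6.2.0/24 on test-lan.
! route-lookup: choose the egress interface from the routing table instead
!               of the interface pair named in the rule.
nat (test-lan,outside) source static test-lan-net test-lan-net destination static vpntestpool-net vpntestpool-net no-proxy-arp route-lookup

! Verify: the NAT phase of the return direction should now show the identity
! rule and the source should stay 10.10.254.2 instead of becoming a.b.c.d
! (10.6.2.10 is a sample pool address, 22 and 12345 are sample ports).
packet-tracer input test-lan tcp 10.10.254.2 22 10.6.2.10 12345 detailed

! The identity rule should appear in Section 1 and accumulate hits as
! VPN clients talk to the test-lan subnet.
show nat detail | include 10.6.2.0
```

Keeping the exemption specific to the pool subnet rather than "any" avoids accidentally disabling the static mapping for other sources that reach the server through the outside interface.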