Remote access VPN issue

Dear All,

I have configured remote access VPN without using split tunnel. Everything is working fine. I can access all the inside networks which are allowed in the ACL.

I am facing a strange issue now. I have created a pool for remote access VPN with the range 192.168.5.8/29. I can access my internal subnets 10.10.0.0/16.

I have the below access-list for acl-in.

access-list acl-in extended permit ip object-group vpnclients 192.168.5.8 255.255.255.248

object-group network vpnclients
 network-object host 10.110.100.26
 network-object host 10.106.100.15
 network-object host 10.10.10.6
 network-object host 10.10.20.82
 network-object host 10.110.100.48
 network-object host 10.10.20.53
 network-object host 10.10.20.54
 network-object host 10.60.100.1
 network-object host 10.10.10.75
 network-object host 10.10.20.100
 network-object host 10.10.130.136
 network-object host 10.106.100.16
 network-object host 10.106.100.9
 network-object host 10.170.100.1
 network-object host 10.170.100.2
 network-object host 10.170.100.21
 network-object host 10.101.100.20
 network-object host 10.170.100.25

So whichever IPs I have called in the vpnclients group are able to access via RA VPN. The issue is, when I try to access the internal network 192.168.198.0/24, I am able to access it without adding it to the vpnclients group. Even for 192.168.197.0/24, 192.168.197.0/24 it is the same. But 10.10.0.0/16 we can access only after adding it to the vpnclients group. Has anyone faced this issue before? Is this because it is the same network, I mean 192.168.0.0 or something like that? There is no other statement in acl-in for 192.168.0.0.

Regards

-Danesh Ahammad

2 Replies

harshisi_2
Level 1

Hi,

If I read correctly, you made the RA VPN "without" split tunnel, correct? If that is the case, all of the traffic will traverse the VPN connection (tunnel all); the access-list "acl-in" is of no use to it.

Try converting it to use split tunnel; I am sure that way you cannot access resources that are not mentioned in the list.

~Harry
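For readers who want to see what "converting it to use split tunnel" looks like on an ASA, here is an added configuration example. It is not configuration from the poster or from the reply above; the group-policy name RA-GP and the ACL names SPLIT-TUNNEL-ACL and VPN-FILTER are assumptions, and the subnets listed are the poster's as examples only. Split tunnelling only tells the client which destinations to route into the tunnel, so it is a routing choice on the client, not enforcement on the firewall; the second half shows a vpn-filter, which the ASA applies to decrypted VPN traffic even while the default `sysopt connection permit-vpn` lets that traffic bypass the interface ACLs. That is the control a defender uses when the goal is that VPN users can reach only the hosts in the vpnclients group.

```cisco
! --- Part 1: split tunnel (client-side routing) ---------------------------
! Standard ACL naming the inside networks that should go through the tunnel.
! Assumed name; 10.10.0.0/16 is taken from the original post as an example.
access-list SPLIT-TUNNEL-ACL standard permit 10.10.0.0 255.255.0.0

! Assumed group-policy name. "tunnelspecified" means: only networks in the
! list are sent through the VPN; everything else (including 192.168.198.0/24
! if it is not listed) stays on the client's local routing table.
group-policy RA-GP attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-TUNNEL-ACL

! --- Part 2: enforcement on the ASA (vpn-filter) -------------------------
! A vpn-filter ACL is written with the VPN client as the source and the
! inside hosts as the destination; the ASA evaluates it on decrypted VPN
! traffic regardless of sysopt connection permit-vpn. Reusing the poster's
! object-group "vpnclients" (the permitted inside hosts) and pool 192.168.5.8/29.
access-list VPN-FILTER extended permit ip 192.168.5.8 255.255.255.248 object-group vpnclients
access-list VPN-FILTER extended deny ip any any

group-policy RA-GP attributes
 vpn-filter value VPN-FILTER

! Verify after a client reconnects (existing sessions keep the old policy):
!   show running-config group-policy RA-GP
!   show vpn-sessiondb detail anyconnect
```

With Part 1 alone the client simply stops routing unlisted subnets into the tunnel, which matches the behaviour the reply describes; with Part 2 added, a client that edits its own routing table still cannot reach anything outside the vpnclients hosts, because the deny is evaluated on the ASA. The two controls are independent and can be applied together.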

So you mean to say that the ACL comes into the picture only when split tunnel is enabled, right? Even if there is an access-list on the inside interface, it's not going to affect the VPN clients, right?