Remote site VPN can only access one internal subnet

aalbrecht27
Level 1

I have a remote site connected through a VPN into an ASA 5510 at our main location.  The ASA 5510 at the main site is on 192.168.0.x/24, the remote site is using 192.168.90.x/24.

Devices on the remote site can ping across the VPN to the 192.168.0.x subnet at the main site, but pings to any other subnets at the main site fail (192.168.60.x, 192.168.100.x, etc).  The same issue happens in reverse: devices at the main site on the 192.168.0.x subnet can ping devices on the remote site at 192.168.90.x, but devices on a different subnet at the main site, for example 192.168.60.x, fail to ping across the VPN to the remote site.

I've attached the firewall configs if anyone can give me a point in the right direction, or is this just an issue by design on ASA VPNs?

1 Reply

Mohsin Burki
Level 1

As per your config, I guess you are referring to the VPN connectivity with Peer IP 166.149.125.81.

If yes, then you have missed the other subnets of the main site in the ACL outside_cryptomap_1 which have been mapped in the VPN with this Peer.

object-group network DM_INLINE_NETWORK_2

Under this statement, match the network-object with the subnets at the main site that need communication with the subnet 192.168.90.x/24 at the remote site (same as you have done for the 192.168.0.0/24 subnet), and vice versa.

BR

Please rate if this solves your problem.
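
An added example, not part of the thread or of either poster's configuration: a small Python check that expands the object-group referenced by the crypto ACL and lists which main-site subnets are not covered by it, which is the condition the reply describes. The sample config is constructed (the attached configs are not shown on the page), the /24 masks for 192.168.60.x and 192.168.100.x are assumed, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample, NOT the poster's attached config: only 192.168.0.0/24
# is in the object-group that the crypto ACL uses as its local side.
SAMPLE_CONFIG = """\
object-group network DM_INLINE_NETWORK_2
 network-object 192.168.0.0 255.255.255.0
access-list outside_cryptomap_1 extended permit ip object-group DM_INLINE_NETWORK_2 192.168.90.0 255.255.255.0
"""
IP = r"\d+\.\d+\.\d+\.\d+"

def parse_object_groups(config):
    """Map each 'object-group network' name to its 'network-object <addr> <mask>' entries."""
    groups, current = {}, None
    for line in config.splitlines():
        m = re.match(r"object-group network (\S+)", line)
        if m:
            current = groups.setdefault(m.group(1), [])
        elif current is not None and line[:1] == " ":
            m = re.match(rf"\s+network-object ({IP}) ({IP})", line)
            if m:  # host/object forms are ignored in this narrow example
                current.append(ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False))
        else:
            current = None  # left the object-group block
    return groups

def acl_local_networks(config, acl_name):
    """Networks on the source (local) side of every 'permit ip' entry of the ACL."""
    groups = parse_object_groups(config)
    nets = []
    for line in config.splitlines():
        m = re.match(rf"access-list {re.escape(acl_name)} extended permit ip (.+)", line)
        if not m:
            continue
        tok = m.group(1).split()
        if tok[0] == "object-group":
            nets.extend(groups.get(tok[1], []))
        elif re.fullmatch(IP, tok[0]):
            nets.append(ipaddress.ip_network(f"{tok[0]}/{tok[1]}", strict=False))
    return nets

def missing_from_crypto_acl(config, acl_name, internal_subnets):
    """Return the internal subnets that no local-side entry of the crypto ACL covers."""
    covered = acl_local_networks(config, acl_name)
    return [s for s in internal_subnets
            if not any(ipaddress.ip_network(s).subnet_of(c) for c in covered)]
```

Traffic from a subnet this reports as missing does not match the crypto ACL, so it is never sent into the tunnel; the same check applies on the remote peer with the local and remote sides swapped.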