05-21-2014 05:35 PM - edited 07-05-2021 12:52 AM
Hi Everyone,
I have an issue going on at our site.
When users connect to the WLC 2100, get an IP address and use the Remote VPN client, they get connected to the VPN but are unable to access internet sites and internal resources.
When the same users connect via wired LAN and connect to the VPN, they can access all the internet sites and resources.
Setup
AP----WLC -----connect to same Switch1---------ASA1---------LAN to LAN Tunnel-------ASA2---------ASA3----ASA4(VPN)------Internal LAN.
Where WLC default gateway is ASA1.
ASA1 is also providing DHCP to users both wired and wireless.
When the same users connect to the same Switch1 via a wired connection, they can connect to the ASA4 VPN and access the internet and internal sites.
When wireless users are connected to ASA4 (VPN), which uses full tunnel with no split tunnel, and I do an nslookup of, say, google.ca, I get the message "DNS request times out."
None of the firewalls show any errors in their log messages.
Does anyone have an idea how I can fix this issue?
Regards
MAhesh
05-22-2014 07:47 AM
The segment the internal services are on needs to be routable to/from the segment/scope given to your VPN users. You also need to make sure there are NAT rules for the VPN address scope/segment, as you are using full tunnel.
06-04-2014 09:07 AM
Issue is using IPsec over TCP; with IPsec over UDP all is good.
Regards
MAhesh
05-22-2014 10:42 AM
This may also be due to the fact that your expected traffic is not being selected for tunneling; just make sure about your ACLs and wireless configurations.