
Wireless users unable to access Internal Resources and Internet via VPN Client

mahesh18
Level 6

 

Hi Everyone,

 

I have an issue going on at our site.

When users connect to the WLC 2100 and get an IP address, and then use the Remote VPN client, they get connected to the VPN but are unable to access internet sites and internal resources.

 

When the same users connect via wired LAN and connect to the VPN, they can access all the internet sites and resources.

 

Setup

AP----WLC -----connect to same Switch1---------ASA1---------LAN to LAN Tunnel-------ASA2---------ASA3----ASA4(VPN)------Internal LAN.

Where WLC default gateway is ASA1.

ASA1 is also providing DHCP to users both wired and wireless.

When the same users connect to the same Switch1 via a wired connection, they can connect to the ASA4 VPN and access the internet and internal sites.

When wireless users are connected to ASA4 (VPN), which uses full tunnel with no split tunnel, and I do an nslookup of, say, google.ca, I get the message "DNS request times out."

 

All firewalls do not show any error in log messages.

 

Does anyone have an idea how I can fix this issue?

 

Regards

MAhesh

 

 

 

3 Replies

ericgarnel
Level 7

The segment the internal services are on needs to be routable to/from the segment/scope given to your VPN users. You also need to make sure there are NAT rules for the VPN address scope/segment, as you are using full tunnel.

 

The issue is using IPsec over TCP; with IPsec over UDP all is good.

Regards

MAhesh

kaaftab
Level 4

This may also be due to the fact that your expected traffic is not being selected for tunneling; just make sure about your ACLs and wireless configurations.
