frontechltd

VPN Problems after network gateway changes.

Hi All,

I have users coming in to my network on an IPsec VPN through a Cisco ASA 5510. They have access to one server (mail server) and use a virtual address range of 172.16 etc. The mail server gateway setting is pointing at the ASA box on IP 254. We also have a router going to our head office on IP 1.

Now our head office wanted us to route all mail in and out to the head office, so asked us to change the gateway settings on the mail server's network card to the .1 router instead of the .254 ASA box. All is fine except the VPN users can't access the mail server, can't even ping it. So I put the gateway back to 254 and then added an extra gateway (under adv settings) for .1, which works fine.

Problem is any time I restart the mail server the VPN users are locked out again until I remove the gateway setting and put them in again. Any ideas?

fileinster

What email server are you running?

Does the ASA have a route to the addresses in head office via the .1 router? If so it should simply be a matter of configuring your email server to route all mail towards the IP address of the mail server in head office. If there is no upstream mail server then that is a case for policy routing. I know you can configure policy routing on the router, which would work, but not sure if this feature exists on the ASA.
ASKER CERTIFIED SOLUTION
Les Moore
This solution is only available to members.
frontechltd

ASKER

In answer to both questions, fileinster: we are running Lotus Domino. Will check the firewall for routes.

lrmoore: tried the add route and got this:
The route addition failed: Either the interface index is wrong or the gateway does not lie on the same network as the interface. Check the IP Address Table for the machine.

Thanks for your help so far.
If you tried what LRMoore suggested and got that response it means you got your parameters wrong. Check the help "route /?".

His answer will solve your problem 100%, although not very elegant. But who wants elegance?
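
An added example, not part of the thread or of any poster's answer: a small model of the mail server's route lookup, showing which next hop replies to a VPN client take under each gateway setting, and the on-link gateway check that the quoted "route addition failed" message refers to. The LAN prefix 192.168.1.0/24 and the VPN pool 172.16.0.0/24 are constructed values; the thread gives only .1, .254 and "172.16 etc."

```python
import ipaddress

# Constructed addressing (assumption): the thread names only the host parts.
LAN = ipaddress.ip_network("192.168.1.0/24")
HEAD_OFFICE_ROUTER = ipaddress.ip_address("192.168.1.1")
ASA = ipaddress.ip_address("192.168.1.254")
VPN_POOL = ipaddress.ip_network("172.16.0.0/24")
VPN_CLIENT = ipaddress.ip_address("172.16.0.10")


def add_route(table, interface_net, dest, gateway):
    """Add a route; like a real host, reject a gateway that is not on-link."""
    gateway = ipaddress.ip_address(gateway)
    if gateway not in interface_net:
        raise ValueError(f"gateway {gateway} is not on interface network {interface_net}")
    table.append((ipaddress.ip_network(dest), gateway))


def next_hop(table, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    matches = [(net, gw) for net, gw in table if dst in net]
    if not matches:
        return None
    return max(matches, key=lambda route: route[0].prefixlen)[1]


def build_table(default_gw, vpn_route_via=None):
    """Mail server routing table: one default route, optionally a VPN-pool route."""
    table = []
    add_route(table, LAN, "0.0.0.0/0", default_gw)
    if vpn_route_via is not None:
        add_route(table, LAN, str(VPN_POOL), vpn_route_via)
    return table


if __name__ == "__main__":
    cases = [
        ("default gateway = ASA", build_table(ASA)),
        ("default gateway = head office router", build_table(HEAD_OFFICE_ROUTER)),
        ("default = router, VPN pool routed via ASA", build_table(HEAD_OFFICE_ROUTER, ASA)),
    ]
    for label, table in cases:
        print(f"{label}: replies to {VPN_CLIENT} are sent to {next_hop(table, VPN_CLIENT)}")
```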