marceloNYC
asked on
I need to add a secure route to one of our networks for our VPN clients
Dear experts:
I need to enter routes for our VPN client sessions.
We have a p2p connection with a remote office. We can connect with no problems between offices.
See, when I connect from, let's say, office A via VPN client, I can connect to office B with no problems.
I need to do the same now from office B via Cisco VPN Client connecting to office A.
I see that I need to add secure routes on my VPN client for sessions to office B.
When I am connected via VPN client to office A, I can see in my tunnel statistics all the routes to all the networks I need to connect to.
When I am connected via VPN client to office B, I only see the routes for network B. I need to add the routes to network A.
The difference between the two offices is that office A has a VPN concentrator and office B has an ASA 5505.
I am going to paste some of the configuration of the ASA 5505.
The A network is 172.16.0.0 and the B network is 10.2.0.0
Thanks! M
hostname Network B
domain-name blah blah
enable password uxjOBquo8dFnKLVb encrypted
names
!
interface Vlan1
nameif inside
security-level 100
ip address 10.2.99.10 255.255.255.0
ospf cost 10
!
interface Vlan2
nameif outside
security-level 0
ip address x.x.x.x 255.255.255.248
ospf cost 10
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
object-group network Phones
network-object 10.2.101.0 255.255.255.0
object-group network Wireless
network-object 10.2.2.0 255.255.255.0
object-group network Wireless2
network-object 10.2.102.0 255.255.255.0
object-group service rdp tcp
port-object range 3388 3389
object-group network NYoffice
description Connection for the VPN client to New york office
network-object 172.16.0.0 255.255.0.0
access-list inside_nat_outbound extended permit ip 10.2.0.0 255.255.0.0 interface inside
access-list outside_access_in extended permit icmp any any echo-reply
access-list outside_access_in extended permit icmp any any time-exceeded
access-list TPG-VPN_splitTunnelAcl standard permit 10.2.1.0 255.255.255.0
access-list TPG-VPN_splitTunnelAcl standard permit 10.2.2.0 255.255.255.0
access-list TPG-VPN_splitTunnelAcl standard permit 10.2.99.0 255.255.255.0
access-list TPG-VPN_splitTunnelAcl standard permit 10.2.101.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.2.1.0 255.255.255.0 10.2.250.0 255.255.255.128
access-list inside_nat0_outbound extended permit ip 10.2.2.0 255.255.255.0 10.2.250.0 255.255.255.128
access-list inside_access_in extended permit ip any any
access-list inside_access_in extended permit ip 10.2.0.0 255.255.0.0 172.16.0.0 255.255.0.0
access-list inside_access_in extended permit icmp any 172.16.0.0 255.255.0.0
access-list TPGVPN2_splitTunnelAcl standard permit 10.2.99.0 255.255.255.0
access-list LIVPN_splitTunnelAcl standard permit 10.2.0.0 255.255.0.0
access-list inside_access_out extended permit ip any 172.16.0.0 255.255.0.0
access-list inside_access_out extended permit ip 10.2.0.0 255.255.0.0 172.16.0.0 255.255.0.0
pager lines 24
logging enable
logging asdm informational
logging host inside 172.16.5.29
mtu inside 1500
mtu outside 1500
mtu Public-Wireless 1500
ip local pool VPN-Pool 10.2.250.50-10.2.250.100 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any echo-reply inside
icmp permit any time-exceeded inside
icmp permit any echo inside
asdm image disk0:/asdm-523.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 access-list inside_nat_outbound
access-group inside_access_in in interface inside
access-group inside_access_out out interface inside
access-group outside_access_in in interface outside
route inside 10.2.0.0 255.255.0.0 10.2.99.1 1
route outside 0.0.0.0 0.0.0.0 x.x.x.x 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
http server enable
http 10.2.250.0 255.255.255.0 outside
http x.x.x.x.x 255.255.255.255 outside
http 172.16.0.0 255.255.0.0 inside
sinkup linkdown coldstart
snmp-server enable traps syslog
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set pfs
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 40 set pfs
crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 60 set pfs
crypto dynamic-map outside_dyn_map 60 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet x.x.x.x.x x.x.x.x outside
telnet timeout 5
ssh 10.2.0.0 255.255.0.0 inside
ssh 172.16.11.0 255.255.255.0 inside
ssh 172.16.5.0 255.255.255.0 inside
ssh x.x.x.x.x. 255.255.255.255 outside
ssh 10.2.250.0 255.255.255.0 outside
ssh 68.173.0.233 255.255.255.255 outside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 30
console timeout 0
dhcpd auto_config inside vpnclient-wins-override
!
dhcpd dns 10.2.99.x x.x.x.x.x interface inside
!
!
group-policy DfltGrpPolicy attributes
banner none
wins-server none
dns-server none
dhcp-network-scope none
vpn-access-hours none
vpn-simultaneous-logins 3
vpn-idle-timeout 30
vpn-session-timeout none
vpn-filter none
vpn-tunnel-protocol IPSec
password-storage disable
ip-comp disable
re-xauth disable
group-lock none
pfs disable
ipsec-udp disable
ipsec-udp-port 10000
split-tunnel-policy tunnelall
split-tunnel-network-list none
default-domain none
split-dns none
intercept-dhcp 255.255.255.255 disable
user-authentication disable
user-authentication-idle-timeout 30
ip-phone-bypass disable
leap-bypass disable
nem disable
backup-servers keep-client-config
msie-proxy server none
msie-proxy method no-modify
msie-proxy except-list none
msie-proxy local-bypass disable
nac disable
nac-sq-period 300
nac-reval-period 36000
nac-default-acl none
address-pools none
smartcard-removal-disconnect enable
client-firewall none
client-access-rule none
webvpn
functions url-entry
html-content-filter none
homepage none
keep-alive-ignore 4
customization value DfltCustomization
port-forward none
port-forward-name value Application Access
sso-server none
deny-message value Login was successful, but because certain criteria have not been met or due to some specific group policy, you do not have permission to use any of the VPN features. Contact your IT administrator for more information
svc none
svc keep-installer installed
svc keepalive none
svc rekey time none
svc rekey method none
svc dpd-interval client none
svc dpd-interval gateway none
svc compression deflate
group-policy LIVPN internal
group-policy LIVPN attributes
dns-server value 10.2.99.x 207.172.3.8
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value LIVPN_splitTunnelAcl
username admin password ei0NpACRsMnfQvBF encrypted privilege 15
username marcelo attributes xxxxxx 15
vpn-framed-ip-address 10.2.99.50 255.255.255.0
tunnel-group LIVPN type ipsec-ra
tunnel-group LIVPN general-attributes
address-pool VPN-Pool
authorization-server-group LOCAL
default-group-policy LIVPN
authorization-required
tunnel-group LIVPN ipsec-attributes
pre-shared-key *
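The pasted configuration already shows why the client only sees routes for network B: group-policy LIVPN (the default policy of tunnel-group LIVPN) uses split-tunnel-policy tunnelspecified, so the client's secure routes are exactly the networks permitted by the ACL named in split-tunnel-network-list, and LIVPN_splitTunnelAcl permits only 10.2.0.0/16. The following script is an added example, not code from this thread or from Cisco, that walks that chain (tunnel-group -> default-group-policy -> split-tunnel ACL, with inheritance from DfltGrpPolicy) over a constructed excerpt modelled on the configuration above and reports whether a given destination is tunnelled; the function names are the example's own. For a tunnelspecified policy it also prints the standard ASA access-list line that would add the missing network to the split-tunnel list.

```python
"""Audit the secure routes a Cisco ASA pushes to remote-access VPN clients by
following tunnel-group -> group-policy -> split-tunnel ACL.
Added example, not code from the thread or from Cisco; the embedded config is a
constructed excerpt modelled on the ASA 5505 configuration pasted above."""
import ipaddress
import re

# Constructed excerpt: the pasted lines that decide what a LIVPN client receives.
ASA_CONFIG = """\
access-list inside_nat0_outbound extended permit ip 10.2.1.0 255.255.255.0 10.2.250.0 255.255.255.128
access-list LIVPN_splitTunnelAcl standard permit 10.2.0.0 255.255.0.0
group-policy DfltGrpPolicy attributes
split-tunnel-policy tunnelall
split-tunnel-network-list none
group-policy LIVPN internal
group-policy LIVPN attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value LIVPN_splitTunnelAcl
tunnel-group LIVPN type ipsec-ra
tunnel-group LIVPN general-attributes
default-group-policy LIVPN
tunnel-group LIVPN ipsec-attributes
pre-shared-key *
"""

STD_ACL = re.compile(r"^access-list (\S+) standard permit (\S+) (\S+)$")


def parse_asa(config):
    """Return (standard ACLs, group-policy attributes, tunnel-group -> policy).
    Works on unindented pastes: a top-level keyword ends the current block."""
    acls, policies, tunnel_groups = {}, {}, {}
    context = None  # ("gp", name) or ("tg", name) while inside an attribute block
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        tokens = line.split()
        if tokens[0] == "access-list":
            context = None
            m = STD_ACL.match(line)
            if m:  # only standard ACLs can serve as split-tunnel network lists
                name, net, mask = m.groups()
                acls.setdefault(name, []).append(ipaddress.IPv4Network(f"{net}/{mask}"))
        elif tokens[0] == "group-policy":
            policies.setdefault(tokens[1], {})
            context = ("gp", tokens[1]) if tokens[-1] == "attributes" else None
        elif tokens[0] == "tunnel-group":
            context = ("tg", tokens[1]) if tokens[-1] == "general-attributes" else None
        elif context and context[0] == "gp" and tokens[0].startswith("split-tunnel-"):
            policies[context[1]][tokens[0]] = tokens[-1]  # "value NAME" -> NAME, else "none"
        elif context and context[0] == "tg" and tokens[0] == "default-group-policy":
            tunnel_groups[context[1]] = tokens[1]
    return acls, policies, tunnel_groups


def secure_routes(config, tunnel_group):
    """Return (policy, acl_name, networks) in effect for clients of tunnel_group.
    Unset attributes inherit from DfltGrpPolicy, which is also the default policy."""
    acls, policies, tunnel_groups = parse_asa(config)
    effective = dict(policies.get("DfltGrpPolicy", {}))
    effective.update(policies.get(tunnel_groups.get(tunnel_group, "DfltGrpPolicy"), {}))
    policy = effective.get("split-tunnel-policy", "tunnelall")
    acl_name = effective.get("split-tunnel-network-list", "none")
    nets = [] if policy == "tunnelall" else list(acls.get(acl_name, []))
    return policy, acl_name, nets


def is_tunnelled(config, tunnel_group, destination):
    """True if a client of tunnel_group sends traffic for destination through
    the VPN instead of its local default route."""
    policy, _, nets = secure_routes(config, tunnel_group)
    dst = ipaddress.IPv4Network(destination)
    if policy == "tunnelall":
        return True
    if policy == "tunnelspecified":  # secure routes are exactly the ACL networks
        return any(dst.subnet_of(net) for net in nets)
    if policy == "excludespecified":  # everything except the ACL networks
        return not any(dst.overlaps(net) for net in nets)
    raise ValueError(f"unknown split-tunnel-policy {policy!r}")


def suggest_fix(config, tunnel_group, destination):
    """Under tunnelspecified, the ASA line that adds the missing secure route;
    None when the destination is already tunnelled or the policy differs."""
    policy, acl_name, _ = secure_routes(config, tunnel_group)
    if policy != "tunnelspecified" or acl_name == "none":
        return None
    if is_tunnelled(config, tunnel_group, destination):
        return None
    dst = ipaddress.IPv4Network(destination)
    return f"access-list {acl_name} standard permit {dst.network_address} {dst.netmask}"


if __name__ == "__main__":
    for dest in ("10.2.99.0/24", "172.16.0.0/16"):
        state = "tunnelled" if is_tunnelled(ASA_CONFIG, "LIVPN", dest) else "NOT tunnelled"
        print(f"{dest}: {state}", suggest_fix(ASA_CONFIG, "LIVPN", dest) or "")
```

Run against the excerpt, the script reports 10.2.99.0/24 as tunnelled and 172.16.0.0/16 as not, and suggests adding 172.16.0.0 255.255.0.0 to LIVPN_splitTunnelAcl. Pushing the route only makes the client send that traffic into the tunnel; the paste does not show how the ASA reaches 172.16.0.0/16 (no route or site-to-site entry for it appears), and inside_nat0_outbound only exempts 10.2.1.0/24 and 10.2.2.0/24 towards the VPN pool, so those two pieces are worth checking on the real device as well. A full configuration can be fed to the same functions by reading it from a file, since the parser ignores everything outside the three sections it needs.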