VPN trouble

Hello Experts,
I have recently started using Shrew Soft VPN to connect to my Cisco ASA router. I also use PuTTY to connect to my switches and firewall. My problem is, when I'm connected over VPN I can't ping or telnet into one of my switches and the firewall. I am, however, able to ping and telnet into the other two switches. When I use the same laptop connected directly to the LAN, I have no problems.

Thoughts?
DallasAdmin Asked:
ClintSwiney Commented:
On the VPN that is not working it must be assigning an IP address to you via DHCP like 192.168.10.5. That address has to be in the same subnet as the other devices to operate properly. If the IP subnet on the other devices is for example 10.0.2.x then you need to make the other networks aware of that subnet and open any NAT/firewall ports to allow for Telnet, Ping etc...

Or if possible set up the VPN IP address in the same subnet as the LAN the other devices are on.

Just a stab in the dark at this one...
Qlemo (Batchelor, Developer and EE Topic Advisor) Commented:
... but a good one. I assume the same - the "other" switch is not in the same subnet, and/or does not know of a default gateway to use for reaching the VPN client.
DallasAdmin (Author) Commented:
Thanks for the quick replies, and this is going to be a dumb question, but how would I let the switch know of a default gateway for reaching the VPN client, or make the other networks aware?

Regards,
Qlemo (Batchelor, Developer and EE Topic Advisor) Commented:
If a switch has an IP address, you can set the default gateway on the same setup page. The default gateway has to know how to route to the VPN and any other network.
ClintSwiney Commented:
I concur... To make it aware you have to set up a static route to the GW. Some firewalls do this by setting up zones and firewall/NAT rules to allow communication between zones. Others just look at the routing table. Either way, you'll have to have that route in place to let the GW know the other network exists; to make it bidirectional you'll need to add the route to the opposite gateway as well.
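The diagnosis in the comments above, as an added example that is not part of the original thread: for each LAN device it checks whether a reply to the VPN client has a return path (client on-link, or a default gateway that is reachable and knows the VPN subnet). The device names, the gateway address 10.0.2.1, the /24 masks and the route list are constructed; 192.168.10.5 and 10.0.2.x are the sample values used in the thread.

```python
import ipaddress

def return_path(device_if, default_gw, client_ip, gw_routes):
    """Say how a LAN device would send its reply back to a VPN client.

    device_if  : device management address with prefix, e.g. "10.0.2.11/24"
    default_gw : default gateway configured on the device, or None
    client_ip  : address the VPN assigned to the client
    gw_routes  : prefixes the default gateway has routes for
    """
    iface = ipaddress.ip_interface(device_if)
    client = ipaddress.ip_address(client_ip)
    if client in iface.network:
        return "on-link"  # same subnet: no gateway needed for the reply
    if default_gw is None:
        return "no default gateway"  # reply to an off-subnet client is dropped
    if ipaddress.ip_address(default_gw) not in iface.network:
        return "gateway outside device subnet"  # device cannot reach its gateway
    if not any(client in ipaddress.ip_network(r) for r in gw_routes):
        return "gateway has no route to VPN client"
    return "routed via gateway"

# Constructed inventory (assumption, not taken from the poster's network).
VPN_CLIENT = "192.168.10.5"
GW_ROUTES = ["10.0.2.0/24", "192.168.10.0/24"]
DEVICES = {
    "switch-1": ("10.0.2.11/24", "10.0.2.1"),
    "switch-2": ("10.0.2.12/24", "10.0.2.1"),
    "switch-3": ("10.0.2.13/24", None),        # gateway never configured
    "firewall": ("10.0.2.2/24", "10.0.3.1"),   # gateway typed into wrong subnet
}

def audit(devices=DEVICES, client_ip=VPN_CLIENT, gw_routes=GW_ROUTES):
    """Return {device name: verdict} for every device in the inventory."""
    return {name: return_path(addr, gw, client_ip, gw_routes)
            for name, (addr, gw) in devices.items()}

if __name__ == "__main__":
    for name, verdict in audit().items():
        print(f"{name:10} {verdict}")
```

A laptop plugged into the LAN falls into the "on-link" case for every device, which matches the symptom that the problem appears only over the VPN.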
DallasAdmin (Author) Commented:
I think you guys have me on the right track. I'm just trying to do some research into setting up VPN routing. I have a Cisco ASA 5510 and I'm using ASDM 5.2. It seems like it is a pretty good interface and somewhat intuitive, but this is the first time I've used it. If either of you have some links to some tutorials they would be appreciated, or I will keep messing around with this, this evening.
DallasAdmin (Author) Commented:
I appreciate the quick and knowledgeable responses, and I believe they are technically accurate. However, as a newbie it has taken me quite a bit of research (which is fine) to track down how to route VPNs.

Thanks for your help!