Solved

VPN trouble

Posted on 2010-04-05
Last Modified: 2012-05-09
Hello Experts,
I have recently started using Shrew Soft VPN to connect to my Cisco ASA router.  I also use PuTTY to connect to my switches and firewall.  My problem is, when I'm connected over VPN I can't ping or telnet into one of my switches and the firewall.  I am, however, able to ping and telnet into the other two switches.  When I use the same laptop connected directly to the LAN, I have no problems.

Thoughts?
Question by:DallasAdmin
7 Comments
 
LVL 7

Expert Comment

by:ClintSwiney
ID: 29833996
On the VPN that is not working it must be assigning an IP address to you via DHCP like 192.168.10.5. That address has to be in the same subnet of the other devices to operate properly. If the IP subnet on the other devices is for example 10.0.2.x then you need to make the other networks aware of that subnet and open any NAT/firewall ports to allow for Telnet, Ping etc...

Or if possible set up the VPN IP address to the same subnet as the LAN the other devices are on.

Just a stab in the dark at this one...
0
 
LVL 72

Expert Comment

by:Qlemo
ID: 29835535
... but a good one. I assume the same - the "other" switch is not in the same subnet, and/or does not know of a default gateway to use for reaching the VPN client.
0
 

Author Comment

by:DallasAdmin
ID: 29836642
Thanks for the quick replies, and this is going to be a dumb question, but how would I let the switch know of a default gateway for reaching the VPN client, or make the other networks aware?

Regards,
0
 
LVL 72

Accepted Solution

by:
Qlemo earned 750 total points
ID: 29837760
If a switch has an IP address, you can set the default gateway on the same setup page. The default gateway has to know how to route to the VPN and any other network.
0
 
LVL 7

Assisted Solution

by:ClintSwiney
ClintSwiney earned 750 total points
ID: 29839818
I concur... To make it aware you have to set up a static route to the GW. Some firewalls do this by setting up zones and firewall/NAT rules to allow communication between zones. Others just look at the routing table; either way you'll have to have that route in place to let the GW know the other network exists. To make it bidirectional you'll need to add the route to the opposite gateway as well.
0
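
The return-path reasoning from the two answers above, as an added example that is not part of the original thread: for each managed device it checks whether a reply to the VPN client can leave the device at all, and whether the device's default gateway has a route toward the VPN pool. All device names, addresses and routes are constructed sample values, and the model covers routing only, not firewall or NAT rules.

```python
import ipaddress

def return_path(device_if, device_gw, gw_routes, vpn_client):
    """Classify how a device's reply to vpn_client would be forwarded.

    device_if  : device address with prefix, e.g. "10.0.2.11/24"
    device_gw  : default gateway configured on the device, or None
    gw_routes  : {destination prefix: next hop} known to that gateway
    vpn_client : address assigned to the VPN client
    """
    iface = ipaddress.ip_interface(device_if)
    client = ipaddress.ip_address(vpn_client)
    # Client inside the device's own subnet: the reply is sent directly.
    if client in iface.network:
        return "direct"
    # Off-subnet destination and no default gateway: the reply is dropped.
    if device_gw is None:
        return "no-gateway"
    # A gateway outside the device's own subnet can never be reached.
    if ipaddress.ip_address(device_gw) not in iface.network:
        return "gateway-off-subnet"
    # Longest-prefix match in the gateway's routing table.
    routes = [(ipaddress.ip_network(p), hop) for p, hop in gw_routes.items()]
    matches = [(net, hop) for net, hop in routes if client in net]
    if not matches:
        return "gateway-has-no-route"
    _, hop = max(matches, key=lambda m: m[0].prefixlen)
    return f"via {device_gw} -> {hop}"

def audit(devices, gw_routes, vpn_client):
    """Run return_path over {name: (address/prefix, gateway)}."""
    return {name: return_path(addr, gw, gw_routes, vpn_client)
            for name, (addr, gw) in devices.items()}

# Constructed sample data (hypothetical names and addresses).
VPN_CLIENT = "192.168.10.5"
GW_ROUTES = {"0.0.0.0/0": "203.0.113.1",        # gateway's own default route
             "192.168.10.0/24": "10.0.2.254"}   # static route to the VPN pool
DEVICES = {
    "switch-a": ("10.0.2.11/24", "10.0.2.1"),   # gateway set
    "switch-b": ("10.0.2.12/24", None),         # gateway never configured
    "switch-c": ("192.168.10.20/24", None),     # shares the VPN pool subnet
}

if __name__ == "__main__":
    for name, verdict in audit(DEVICES, GW_ROUTES, VPN_CLIENT).items():
        print(f"{name:10} {verdict}")
```

A device reported as `no-gateway` still answers hosts on its own LAN, which matches the symptom in the question: reachable when plugged in locally, silent over the VPN.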
 

Author Comment

by:DallasAdmin
ID: 29840569
I think you guys have me on the right track.  I'm just trying to do some research into setting up VPN routing.  I have a Cisco ASA 5510 and I'm using ASDM 5.2.  It seems like it is a pretty good interface and somewhat intuitive,  but this is the first time I've used it.  If either of you have some links to some tutorials they would be appreciated, or I will keep messing around with this, this evening.
0
 

Author Closing Comment

by:DallasAdmin
ID: 31711100
I appreciate the quick and knowledgeable responses, and I believe they are technically accurate.  However, as a newbie it has taken me quite a bit of research (which is fine) to track down how to route VPNs.

Thanks for your help!
0

Question has a verified solution.