ddftech

asked on

Remote VPN Access to Multiple Subnets

I have a client who is having a slight issue with their remote VPN.  The clients connect to the VPN fine, but can only access one subnet.  Here is the basic setup.

Client has MPLS circuits to all remote offices.
At the corporate office, the client has an ASA 5510, and an ISP managed MPLS router.
The ASA is the default gateway and has routes as follows, where 192.168.0.201 is the MPLS router:

route outside 0.0.0.0 0.0.0.0 x.x.x.x 1
route Inside 192.168.1.0 255.255.255.0 192.168.0.201 1
route Inside 192.168.2.0 255.255.255.0 192.168.0.201 1
route Inside 192.168.4.0 255.255.255.0 192.168.0.201 1
route Inside 192.168.5.0 255.255.255.0 192.168.0.201 1
route Inside 192.168.6.0 255.255.255.0 192.168.0.201 1
route Inside 192.168.7.0 255.255.255.0 192.168.0.201 1
route Inside 192.168.8.0 255.255.255.0 192.168.0.201 1

The inside network of the firewall is 192.168.0.0 /24

When connected to the remote VPN, the user only has access to 192.168.0.0 addresses.  How can I get access to the other subnets as well?

I'm sure this is pretty easy, but I am pretty new to this stuff.
fgasimzade

Check the NO NAT statement; it should contain all these subnets. Also make sure all remote subnets have routes back to your VPN clients.
ddftech

ASKER

I have added:

access-list Inside_nat0_outbound extended permit ip any 192.168.1.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip any 192.168.2.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip any 192.168.4.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip any 192.168.5.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip any 192.168.6.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip any 192.168.7.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip any 192.168.8.0 255.255.255.0

The routes back to my VPN clients will need to be added by the ISP since they manage the MPLS routers, and I already had them looking into that.  I will respond again after I receive confirmation those routes are in place.
ASKER CERTIFIED SOLUTION
ddftech

ddftech

ASKER

I added the subnets of the remote networks to the split tunnel ACL.
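
The mismatch behind the fix above, as an added example that is not part of the original thread: a Python check that compares the ASA's Inside routes with the split-tunnel ACL and lists the routed subnets that VPN clients will not send into the tunnel. The ACL name SPLIT_TUNNEL, the group-policy name RemoteVPN and the ACL contents are assumptions; only the routes come from the question.

```python
import ipaddress
import re

# Constructed sample config. The routes are from the question; the ACL name
# SPLIT_TUNNEL, the group-policy name RemoteVPN and the ACL entries are assumed.
SAMPLE_CONFIG = """\
route outside 0.0.0.0 0.0.0.0 x.x.x.x 1
route Inside 192.168.1.0 255.255.255.0 192.168.0.201 1
route Inside 192.168.2.0 255.255.255.0 192.168.0.201 1
route Inside 192.168.4.0 255.255.255.0 192.168.0.201 1
access-list SPLIT_TUNNEL standard permit 192.168.0.0 255.255.255.0
access-list SPLIT_TUNNEL standard permit 192.168.1.0 255.255.255.0
group-policy RemoteVPN attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL
"""

QUAD = r"(\d+\.\d+\.\d+\.\d+)"  # dotted-quad address or mask


def net(addr, mask):
    """Build a network object from an ASA 'address mask' pair."""
    return ipaddress.ip_network(f"{addr}/{mask}")


def missing_from_split_tunnel(config, inside_if="Inside"):
    """Return routed inside subnets that no split-tunnel ACL entry covers.

    Returns None when no split-tunnel network list is referenced at all.
    Only 'standard permit <net> <mask>' ACL entries are considered.
    """
    m = re.search(r"^\s*split-tunnel-network-list value (\S+)", config, re.M)
    if not m:
        return None
    acl = re.escape(m.group(1))
    permitted = [net(a, k) for a, k in re.findall(
        rf"^access-list {acl} standard permit {QUAD} {QUAD}", config, re.M)]
    routed = [net(a, k) for a, k in re.findall(
        rf"^route {re.escape(inside_if)} {QUAD} {QUAD} \S+", config, re.M)]
    # A routed subnet is reachable over the VPN only if some entry contains it.
    return [r for r in routed if not any(r.subnet_of(p) for p in permitted)]


if __name__ == "__main__":
    for subnet in missing_from_split_tunnel(SAMPLE_CONFIG):
        print("not in split-tunnel ACL:", subnet)
```

Each subnet it reports needs its own permit line in the split-tunnel ACL; listing only the networks clients actually require keeps the tunnel scope narrow.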