ddftech
 asked on

Remote VPN Access to Multiple Subnets

I have a client who is having a slight issue with their remote VPN.  The clients connect to the VPN fine, but can only access one subnet.  Here is the basic setup.

Client has MPLS circuits to all remote offices.
At the corporate office, the client has an ASA 5510, and an ISP managed MPLS router.
The ASA is the default gateway and has routes as follows, where 192.168.0.201 is the MPLS router:

route outside 0.0.0.0 0.0.0.0 x.x.x.x 1
route Inside 192.168.1.0 255.255.255.0 192.168.0.201 1
route Inside 192.168.2.0 255.255.255.0 192.168.0.201 1
route Inside 192.168.4.0 255.255.255.0 192.168.0.201 1
route Inside 192.168.5.0 255.255.255.0 192.168.0.201 1
route Inside 192.168.6.0 255.255.255.0 192.168.0.201 1
route Inside 192.168.7.0 255.255.255.0 192.168.0.201 1
route Inside 192.168.8.0 255.255.255.0 192.168.0.201 1

The inside network of the firewall is 192.168.0.0 /24

When connected to the remote VPN, the user only has access to 192.168.0.0 addresses.  How can I get access to the other subnets as well?

I'm sure this is pretty easy, but I am pretty new to this stuff.
Tags: Cisco, VPN, Internet Protocol Security

8/22/2022 - Mon
fgasimzade

Check the NO NAT statement; it should contain all these subnets. Also make sure all remote subnets have routes back to your VPN clients.
ddftech

ASKER
I have added:

access-list Inside_nat0_outbound extended permit ip any 192.168.1.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip any 192.168.2.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip any 192.168.4.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip any 192.168.5.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip any 192.168.6.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip any 192.168.7.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip any 192.168.8.0 255.255.255.0

The routes back to my VPN clients will need to be added by the ISP since they manage the MPLS routers, and I already had them looking into that.  I will respond again after I receive confirmation those routes are in place.
ASKER CERTIFIED SOLUTION
ddftech

ddftech

ASKER
I added the subnets of the remote networks to the split tunnel ACL.
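
A way to check for the gap this thread ended on, as an added example that is not part of the original posts: the script compares the networks routed via the Inside interface with the entries of a split-tunnel ACL and prints the ACL lines that are missing. The ACL name SPLIT_TUNNEL and the sample ACL line are assumptions, and only standard `permit <network> <mask>` entries are parsed.

```python
import ipaddress
import re

# Constructed sample: the inside routes from the question plus a hypothetical
# split-tunnel ACL (the name SPLIT_TUNNEL is assumed) that lists only the
# firewall's own inside network, which reproduces the reported symptom.
SAMPLE_CONFIG = """\
route outside 0.0.0.0 0.0.0.0 x.x.x.x 1
route Inside 192.168.1.0 255.255.255.0 192.168.0.201 1
route Inside 192.168.2.0 255.255.255.0 192.168.0.201 1
route Inside 192.168.4.0 255.255.255.0 192.168.0.201 1
route Inside 192.168.5.0 255.255.255.0 192.168.0.201 1
route Inside 192.168.6.0 255.255.255.0 192.168.0.201 1
route Inside 192.168.7.0 255.255.255.0 192.168.0.201 1
route Inside 192.168.8.0 255.255.255.0 192.168.0.201 1
access-list SPLIT_TUNNEL standard permit 192.168.0.0 255.255.255.0
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
ROUTE_RE = re.compile(rf"^route\s+(\S+)\s+{IP}\s+{IP}\s+\S+")
ACL_RE = re.compile(rf"^access-list\s+(\S+)\s+standard\s+permit\s+{IP}\s+{IP}")

def _networks(config, pattern, name):
    """Networks from lines matching pattern whose first field equals name."""
    nets = []
    for line in config.splitlines():
        m = pattern.match(line.strip())
        if m and m.group(1) == name:
            nets.append(ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}"))
    return nets

def missing_from_split_tunnel(config, interface, acl_name):
    """Networks routed via `interface` that no entry of the ACL covers."""
    allowed = _networks(config, ACL_RE, acl_name)
    return [n for n in _networks(config, ROUTE_RE, interface)
            if not any(n.subnet_of(a) for a in allowed)]

def suggested_lines(missing, acl_name):
    """ACL lines that would add the missing networks to the split tunnel."""
    return [f"access-list {acl_name} standard permit {n.network_address} {n.netmask}"
            for n in missing]

if __name__ == "__main__":
    gaps = missing_from_split_tunnel(SAMPLE_CONFIG, "Inside", "SPLIT_TUNNEL")
    for line in suggested_lines(gaps, "SPLIT_TUNNEL"):
        print(line)
```

The check covers only the split-tunnel list; the return routes toward the VPN clients on the MPLS side, raised earlier in the thread, have to be confirmed separately.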