Remote VPN Access to Multiple Subnets

ddftech
I have a client who is having a slight issue with their remote VPN.  The clients connect to the VPN fine, but can only access one subnet.  Here is the basic setup.

Client has MPLS circuits to all remote offices.
At the corporate office, the client has an ASA 5510, and an ISP managed MPLS router.
The ASA is the default gateway and has routes as follows, where 192.168.0.201 is the MPLS router:

route outside 0.0.0.0 0.0.0.0 x.x.x.x 1
route Inside 192.168.1.0 255.255.255.0 192.168.0.201 1
route Inside 192.168.2.0 255.255.255.0 192.168.0.201 1
route Inside 192.168.4.0 255.255.255.0 192.168.0.201 1
route Inside 192.168.5.0 255.255.255.0 192.168.0.201 1
route Inside 192.168.6.0 255.255.255.0 192.168.0.201 1
route Inside 192.168.7.0 255.255.255.0 192.168.0.201 1
route Inside 192.168.8.0 255.255.255.0 192.168.0.201 1

The inside network of the firewall is 192.168.0.0 /24

When connected to the remote VPN, the user only has access to 192.168.0.0 addresses.  How can I get access to the other subnets as well?

I'm sure this is pretty easy, but I am pretty new to this stuff.
Top Expert 2011

Commented:
Check the NO NAT statement; it should contain all these subnets. Also make sure all remote subnets have routes back to your VPN clients.

Author

Commented:
I have added:

access-list Inside_nat0_outbound extended permit ip any 192.168.1.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip any 192.168.2.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip any 192.168.4.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip any 192.168.5.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip any 192.168.6.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip any 192.168.7.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip any 192.168.8.0 255.255.255.0

The routes back to my VPN clients will need to be added by the ISP since they manage the MPLS routers, and I already had them looking into that.  I will respond again after I receive confirmation those routes are in place.
Commented:
This was not the solution.  I had to add all the subnets to the Split Tunnel ACL also.

Thanks!

Author

Commented:
I added the subnets of the remote networks to the split tunnel ACL.
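
The fix in this thread was that the remote subnets had to be listed in the split tunnel ACL as well as the NAT exemption ACL. The following is an added example, not code from the thread: a Python check that compares the static routes on the Inside interface against both ACLs and reports subnets that are missing. The split tunnel ACL name Split_Tunnel_List and its entries are assumptions (the thread does not show them), and the sample configuration is constructed.

```python
import ipaddress
import re

# Constructed sample: routes and NAT-exemption lines follow the thread; the
# split tunnel ACL name "Split_Tunnel_List" and its entries are assumptions.
SAMPLE_CONFIG = """\
route outside 0.0.0.0 0.0.0.0 x.x.x.x 1
route Inside 192.168.1.0 255.255.255.0 192.168.0.201 1
route Inside 192.168.2.0 255.255.255.0 192.168.0.201 1
route Inside 192.168.4.0 255.255.255.0 192.168.0.201 1
access-list Inside_nat0_outbound extended permit ip any 192.168.1.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip any 192.168.2.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip any 192.168.4.0 255.255.255.0
access-list Split_Tunnel_List standard permit 192.168.0.0 255.255.255.0
access-list Split_Tunnel_List standard permit 192.168.1.0 255.255.255.0
"""

NET = r"(\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)"  # address, then netmask

def _net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}")

def routed_subnets(config, interface="Inside"):
    """Subnets reached through static routes on the given interface."""
    pat = re.compile(rf"^route {re.escape(interface)} {NET} ", re.M)
    return [_net(a, m) for a, m in pat.findall(config)]

def acl_networks(config, acl):
    """Networks permitted by an ACL. The last address/mask pair on each
    line is used (the destination, for extended entries)."""
    nets = []
    for line in config.splitlines():
        if line.startswith(f"access-list {acl} ") and " permit " in line:
            pairs = re.findall(NET, line)
            if pairs:
                nets.append(_net(*pairs[-1]))
    return nets

def missing_from(config, acl, interface="Inside"):
    """Routed subnets that no entry of the named ACL covers."""
    covered = acl_networks(config, acl)
    return [str(s) for s in routed_subnets(config, interface)
            if not any(s.subnet_of(c) for c in covered)]

if __name__ == "__main__":
    for acl in ("Inside_nat0_outbound", "Split_Tunnel_List"):
        print(acl, "is missing:", missing_from(SAMPLE_CONFIG, acl) or "nothing")
```

The check covers only the ASA side; the routes back to the VPN clients on the ISP-managed MPLS routers still have to be confirmed separately.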
