  • Status: Solved
  • Priority: Medium
  • Security: Public

ASA5505 VPN Tunnel access to corporate networks

I have a problem accessing some of my corporate network from a remote VPN client connected to the ASA5505.

Corporate networks are 10.100.70.0/24, 10.100.71.0/24 and 10.100.69.0/24

My remote client connects to the WAN port, and the LAN port on the router is on the 10.100.70.0 net.

I can access all resources on the 10.100.70.0 net. Default gateway on the 10.100.70.0 net is a separate router 10.100.70.2, and this router provides access to the other corporate nets. (basic net diag attached)

I have routes configured on the ASA for 10.100.71.0 and 10.100.69.0 traffic to go via 10.100.70.2. I can ping resources on those nets from the ASA.

I have split tunnelling configured on the ASA to tunnel traffic to the three corporate nets, and my VPN client identifies these three nets as secured routes.

Oh, and it's ASA version 8.4(3), so it has all the new NAT commands etc.

ASA config is attached; any help would be great.

Gary
basic-firewall-diagram.jpg
endasa-18092012.txt
Ernie Beek (Expert) commented:
I'm missing the NAT exempts for the 10.100.71.0 and 10.100.69.0 networks. At the moment you only have:
nat (inside,outside) source static NETWORK_OBJ_10.100.70.0_24 NETWORK_OBJ_10.100.70.0_24 destination static NETWORK_OBJ_10.100.70.240_28 NETWORK_OBJ_10.100.70.240_28 no-proxy-arp route-lookup
nat (inside,outside) source static NETWORK_OBJ_10.100.70.0_24 NETWORK_OBJ_10.100.70.0_24 destination static NETWORK_OBJ_10.100.70.192_26 NETWORK_OBJ_10.100.70.192_26 no-proxy-arp route-lookup
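A way to spot the gap described in the answer above, as an added example that is not part of the thread or any Cisco tooling: a Python check that lists split-tunnel networks with no identity (exempt) NAT rule toward the VPN pool. The sample config is constructed; the ACL name SPLIT_TUNNEL, the object names for 10.100.71.0 and 10.100.69.0, and the choice of the 10.100.70.240/28 pool are assumptions.

```python
import ipaddress
import re

# Constructed sample in ASA 8.3+ syntax. The 10.100.70.x object names and the nat
# line are quoted from the thread; the ACL name SPLIT_TUNNEL is an assumption.
SAMPLE = """\
object network NETWORK_OBJ_10.100.70.0_24
 subnet 10.100.70.0 255.255.255.0
object network NETWORK_OBJ_10.100.70.240_28
 subnet 10.100.70.240 255.255.255.240
access-list SPLIT_TUNNEL standard permit 10.100.70.0 255.255.255.0
access-list SPLIT_TUNNEL standard permit 10.100.71.0 255.255.255.0
access-list SPLIT_TUNNEL standard permit 10.100.69.0 255.255.255.0
nat (inside,outside) source static NETWORK_OBJ_10.100.70.0_24 NETWORK_OBJ_10.100.70.0_24 destination static NETWORK_OBJ_10.100.70.240_28 NETWORK_OBJ_10.100.70.240_28 no-proxy-arp route-lookup
"""

OBJ = re.compile(r"^object network (\S+)\n subnet (\S+) (\S+)$", re.M)
ACL = re.compile(r"^access-list (\S+) standard permit (\S+) (\S+)$", re.M)
NAT = re.compile(r"^nat \(\S+?,\S+?\) source static (\S+) (\S+) "
                 r"destination static (\S+) (\S+)", re.M)

def net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}")

def missing_nat_exempt(config, acl_name, pool):
    """Return split-tunnel networks with no identity NAT toward the VPN pool."""
    pool = ipaddress.ip_network(pool)
    objects = {name: net(a, m) for name, a, m in OBJ.findall(config)}
    exempt = []
    for src, src_mapped, dst, dst_mapped in NAT.findall(config):
        # Identity (exempt) rule: real and mapped objects match on both sides.
        known = src in objects and dst in objects
        if known and src == src_mapped and dst == dst_mapped:
            if pool.subnet_of(objects[dst]):
                exempt.append(objects[src])
    tunnelled = [net(a, m) for name, a, m in ACL.findall(config) if name == acl_name]
    return [str(n) for n in tunnelled if not any(n.subnet_of(e) for e in exempt)]

def nat_exempt_line(network, pool_obj):
    """Render a rule in the form quoted in the answer (object name is hypothetical
    and must first be defined with 'object network' / 'subnet')."""
    n = ipaddress.ip_network(network)
    obj = f"NETWORK_OBJ_{n.network_address}_{n.prefixlen}"
    return (f"nat (inside,outside) source static {obj} {obj} "
            f"destination static {pool_obj} {pool_obj} no-proxy-arp route-lookup")
```

Run against the sample, `missing_nat_exempt(SAMPLE, "SPLIT_TUNNEL", "10.100.70.240/28")` reports the two networks that are tunnelled and routed but still subject to NAT on the way back to the client.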
 
GaryFovargue2020 (Author) commented:
Thanks, that was perfect. Just added the NAT exempts for the other 2 nets and it worked like a dream.
 
Ernie Beek (Expert) commented:
My pleasure :)
Thx 4 the points.
