Trouble with Cisco object-group/VPN configuration
Posted on 2014-01-16
I have two sites connected via VPN. I restricted it so that only four IP addresses could communicate across the VPN for security purposes. The syntax I know of for the ASAs is below.
object-group network RockIsland-2
 description RockIsland-2 internal IP Range
 network-object host 192.168.6.30
 network-object host 192.168.6.32
 network-object host 192.168.6.33
 network-object host 192.168.6.31
access-list vpn2RI extended permit ip 192.168.10.0 255.255.255.0 object-group RockIsland-2
access-list nonat extended permit ip 192.168.10.0 255.255.255.0 192.168.6.0 255.255.255.0
I just added a 5th IP address to the network-object command and the new workstation works fine. A couple days later, one of the five workstations does not work. It can't connect across the VPN. I am wondering if there is a configuration change that I need to make that I didn't know about.
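An added example, not part of the original post: a Python check that expands the object-group from the posted lines and reports, for a remote address, whether it matches the vpn2RI ACL and the nonat ACL. It assumes vpn2RI is the ACL that selects VPN traffic, parses only the statement forms shown in the post, and uses 192.168.10.5 and 192.168.6.34 as constructed test addresses.

```python
import ipaddress

# Configuration lines as posted above (four hosts in the object-group).
CONFIG = """\
object-group network RockIsland-2
 description RockIsland-2 internal IP Range
 network-object host 192.168.6.30
 network-object host 192.168.6.32
 network-object host 192.168.6.33
 network-object host 192.168.6.31
access-list vpn2RI extended permit ip 192.168.10.0 255.255.255.0 object-group RockIsland-2
access-list nonat extended permit ip 192.168.10.0 255.255.255.0 192.168.6.0 255.255.255.0
"""

def parse(config):
    """Return (groups, acls): group name -> networks, ACL name -> [(src, [dst, ...])]."""
    groups, acls, current = {}, {}, None
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] == ["object-group", "network"]:
            current = groups.setdefault(tok[2], [])
        elif tok[:2] == ["network-object", "host"] and current is not None:
            current.append(ipaddress.ip_network(tok[2]))      # host becomes a /32
        elif tok[:1] == ["access-list"] and tok[2:5] == ["extended", "permit", "ip"]:
            src = ipaddress.ip_network(f"{tok[5]}/{tok[6]}")  # address + netmask
            if tok[7] == "object-group":
                dst = groups[tok[8]]                          # expand group members
            else:
                dst = [ipaddress.ip_network(f"{tok[7]}/{tok[8]}")]
            acls.setdefault(tok[1], []).append((src, dst))
    return groups, acls

def permits(acl, src, dst):
    """True if any permit entry of the ACL covers the src -> dst pair."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in sn and any(d in n for n in dns) for sn, dns in acl)

def audit(config, vpn_acl, nat_acl, src, remote_hosts):
    """Map each remote host to (matches vpn_acl, matches nat_acl)."""
    _, acls = parse(config)
    return {h: (permits(acls[vpn_acl], src, h), permits(acls[nat_acl], src, h))
            for h in remote_hosts}

if __name__ == "__main__":
    # Constructed test addresses: .30 is in the group, .34 is not.
    hosts = ["192.168.6.30", "192.168.6.34"]
    for host, (vpn, nat) in audit(CONFIG, "vpn2RI", "nonat", "192.168.10.5", hosts).items():
        print(f"{host}: vpn2RI={vpn} nonat={nat}")
```

Running it against the current configuration with each workstation's actual address shows which ones fall inside the restricted group and which are covered only by the broader nonat entry.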