Remote VPN users' gateway

mohamedzidan
Level 1

Hello

I have an ASA5510 configured for VPN remote access. The connection is established, and users are authenticated correctly, logged into the local network, and can ping all LAN devices.

The problem is that the logged-in users cannot ping any other VLAN or network inside the enterprise (local users on the same LAN who are not VPN users can ping them).

I have checked the VPN adapter IP address that the user got, and I noticed that no gateway appears. So how can I configure the ASA's IP address as the gateway for the remote VPN users, so that they are able to ping other VLANs and networks in the same enterprise?

Thanks

m.zidan

1 Reply

Andrew Phirsov
Level 7

There shouldn't be any default GW under the vpn-adapter interface. To see what traffic is tunneled, run the route print command. By default (if no split tunnel is configured), all the traffic is tunneled. So don't worry about the traffic flow from vpn-clients towards your LAN, but pay more attention to the reverse direction (from LAN towards vpn-clients). Specifically, check that:

- NAT exemption (NAT 0) rules are configured for all VLAN subnets for traffic destined towards the vpn-clients pool (you've got those for the local LAN, so do the same for the other VLANs).

- there's correct routing information so those VLANs know how to reach the vpn-clients subnet through the ASA's inside interface.
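
The two checks from the reply above, written out as a configuration sketch. This is an added example, not part of the original thread or the poster's configuration. It assumes pre-8.3 ASA software (the "NAT 0" syntax the reply refers to); all addresses, the ACL name NONAT and the core L3 switch are constructed placeholders.

```text
! Constructed addressing (replace with your own):
!   local LAN on ASA inside .......... 192.168.1.0/24 (ASA inside IP 192.168.1.1)
!   other VLANs behind core switch ... 192.168.20.0/24, 192.168.30.0/24
!   core L3 switch on the inside LAN . 192.168.1.254
!   VPN client address pool .......... 10.10.10.0/24

! --- ASA, symptom state: only the local LAN is exempt from NAT ---
access-list NONAT extended permit ip 192.168.1.0 255.255.255.0 10.10.10.0 255.255.255.0
nat (inside) 0 access-list NONAT

! --- ASA, check 1: add one exemption entry per additional VLAN subnet ---
access-list NONAT extended permit ip 192.168.20.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list NONAT extended permit ip 192.168.30.0 255.255.255.0 10.10.10.0 255.255.255.0

! --- ASA: it must also know the other VLANs sit behind the core switch ---
route inside 192.168.20.0 255.255.255.0 192.168.1.254
route inside 192.168.30.0 255.255.255.0 192.168.1.254

! --- Core L3 switch (IOS), check 2: return route for the VPN pool ---
! Skip this if the switch's default route already points at the ASA inside IP.
ip route 10.10.10.0 255.255.255.0 192.168.1.1

! --- Verification on the ASA ---
show running-config access-list NONAT
show running-config nat
show route
! Simulate a reply from a VLAN host to a VPN client; the output lists
! the NAT and route decision made at each phase.
packet-tracer input inside icmp 192.168.20.10 0 0 10.10.10.5 detailed
```

Keep the exemption entries as narrow as the subnets that VPN users actually need, since each one also defines which internal networks are reachable from the client pool.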