VPN IPSec Client connectivity to ASA5510

Guest

Re:VPN IPSec Client connectivity to ASA5510

Post by Guest » Fri Nov 12, 2010 12:47 am


Understood. I had suspected that, but had not followed through. Ran into a similar issue awhile back doing something similar on a 2821 router.

So, would you recommend using a neighboring Class C, such as 192.168.101.0 or something different such as 172.16.x.x for the VPN user subnet?

I am not so much concerned about users getting to the inside subnet, as simply being able to access ONLY the DMZ.

I'd also prefer to turn on hairpin'ing, but know this would involve more NAT'ing and my skills have rusted from disuse.

Guest

Re:VPN IPSec Client connectivity to ASA5510

Post by Guest » Fri Nov 12, 2010 1:15 am


Now I am really confused. Whereas before I was able to connect and still route to outside sites, now when I connect I am cut off entirely. Even though I did enable split tunneling.

Here is the current running config. Maybe someone else, besides me, can make heads or tails of it.

Again, I simply want users to connect using Remote VPN access to the outside firewall at our collocation facility. Then, once in they use the VPN users IP address range, 192.168.111.0/26. They should be able to access the internal servers in the DMZ or 192.168.100.0/24 subnet.

Rather than having to create rules to allow home IP addresses in, let them authenticate via the VPN and then have access.

It should not be this difficult.

Guest

Re:VPN IPSec Client connectivity to ASA5510

Post by Guest » Fri Nov 12, 2010 1:53 am


Kerry, it all depends on your policy. It just should be different enough to differentiate between the DMZ subnet and the VPN pool (to reduce human errors during configuration changes etc.).

I would go for another class C like 192.168.150.0/24 etc.

Regards
Farrukh

Guest

Re:VPN IPSec Client connectivity to ASA5510

Post by Guest » Fri Nov 12, 2010 2:57 am


Thanks. I agree with your verdict.

I decided to go with 192.168.111.0/24. Plain and simple.

Guest

Re:VPN IPSec Client connectivity to ASA5510

Post by Guest » Fri Nov 12, 2010 3:36 am


Now I am really confused. Whereas before I was able to connect and still route to outside sites, now when I connect I am cut off entirely. Even though I did enable split tunneling.

Here is the current running config. Maybe someone else, besides me, can make heads or tails of it.

Again, I simply want users to connect using Remote VPN access to the outside firewall at our collocation facility. Then, once in they use the VPN users IP address range, 192.168.111.0/26. They should be able to access the internal servers in the DMZ or 192.168.100.0/24 subnet.

Rather than having to create rules to allow home IP addresses in, let them authenticate via the VPN and then have access.

It should not be this difficult.
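
The goal described in this thread (remote-access IPsec users in 192.168.111.0/24 reaching only the DMZ at 192.168.100.0/24, with split tunneling) can be sketched as the ASA fragment below. It is an added example, not the poster's running config, which is not shown on the page. It assumes pre-8.3 ASA syntax and an interface named `dmz`; every object name (`VPN-POOL`, `SPLIT-DMZ`, `DMZ-NONAT`, `VPN-FILTER`, `RA-DMZ`) is hypothetical, and the ISAKMP policy, crypto map and user authentication are omitted.

```cisco
! Added example. Assumptions: ASA software older than 8.3, DMZ interface
! nameif "dmz", all object names below are hypothetical.

! Address pool for VPN clients, kept distinct from the DMZ subnet
ip local pool VPN-POOL 192.168.111.1-192.168.111.254 mask 255.255.255.0

! Split tunnel list: only DMZ-bound traffic is sent through the tunnel,
! everything else leaves the client by its local gateway
access-list SPLIT-DMZ standard permit 192.168.100.0 255.255.255.0

! NAT exemption so DMZ replies to the pool are not translated
access-list DMZ-NONAT extended permit ip 192.168.100.0 255.255.255.0 192.168.111.0 255.255.255.0
nat (dmz) 0 access-list DMZ-NONAT

! The split tunnel list only shapes client routing; it is not an access
! control. The vpn-filter ACL enforces on the ASA that the pool reaches
! the DMZ and nothing else (source = VPN pool, destination = DMZ).
access-list VPN-FILTER extended permit ip 192.168.111.0 255.255.255.0 192.168.100.0 255.255.255.0

group-policy RA-DMZ internal
group-policy RA-DMZ attributes
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-DMZ
 vpn-filter value VPN-FILTER

tunnel-group RA-DMZ type remote-access
tunnel-group RA-DMZ general-attributes
 address-pool VPN-POOL
 default-group-policy RA-DMZ
tunnel-group RA-DMZ ipsec-attributes
 ! Placeholder, replace with the real group key
 pre-shared-key <GROUP-PRE-SHARED-KEY>
```

After a client connects, `show vpn-sessiondb remote` shows the assigned address and group policy, and `show access-list VPN-FILTER` shows hit counts on the filter entry.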
