The client connects to an ASA5510 via the Cisco VPN client. Access to the 192.168.0.x subnet works fine, I just can't get to 192.168.13.x. I can get there from the ASA fine, just not via a VPN connection. The connection should go like this: VPN Client -> 192.168.0.10 -> 192.168.0.1 -> 192.168.13.x. If you need any other information I will add it below.

Show Route from the ASA:

S    10.0.0.0 255.0.0.0 [1/0] via 192.168.0.1, inside
C    192.168.0.0 255.255.255.0 is directly connected, inside
S    192.168.0.161 255.255.255.255 [1/0] via 208.78.x.x, outside
S    192.168.0.162 255.255.255.255 [1/0] via 208.78.x.x, outside
C    208.78.x.x 255.255.255.240 is directly connected, outside
S*   0.0.0.0 0.0.0.0 [1/0] via 208.78.x.x, outside
S    192.168.0.0 255.255.0.0 [1/0] via 192.168.0.1, inside

Route Print from the VPN Client:

Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     172.20.4.225     172.20.4.235     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      172.20.1.16  255.255.255.255     172.20.4.225     172.20.4.235    100
     172.20.4.224  255.255.255.224         On-link      172.20.4.235    276
     172.20.4.235  255.255.255.255         On-link      172.20.4.235    276
     172.20.4.255  255.255.255.255         On-link      172.20.4.235    276
      192.168.0.0      255.255.0.0      192.168.0.1    192.168.0.161    100
      192.168.0.0    255.255.255.0         On-link     192.168.0.161    276
    192.168.0.161  255.255.255.255         On-link     192.168.0.161    276
    192.168.0.255  255.255.255.255         On-link     192.168.0.161    276
    208.78.119.34  255.255.255.255     172.20.4.225     172.20.4.235    100
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      172.20.4.235    276
        224.0.0.0        240.0.0.0         On-link     192.168.0.161    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      172.20.4.235    276
  255.255.255.255  255.255.255.255         On-link     192.168.0.161    276

access-list NONAT extended permit ip any 192.168.0.160 255.255.255.240
evolvd

1 Answer

What does your NAT configuration (translations and exemptions) look like for the VPN pool?

@evolvd Maybe make a note of what the solution was for future googlers? I'll hazard a guess that there was a more restricted ACL on the NAT for traffic coming in from the clients?

Shane Madden

My NAT was supposed to cover all of the 192.168.x.x range but just covered 192.168.1.x. I was thinking it was a routing issue but once I compared the old config to this new one I saw the mistake. – evolvd Jun 27 '11 at 18:01
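
An offline check for the mistake described in the comment above, a NAT exemption ACL that is narrower than the inside ranges VPN clients must reach. This is an added example, not code from the original posts: only `PAGE_LINE` is copied from the question, while `BROKEN`, `FIXED`, the `INSIDE` networks and the pool boundary (taken to be the 192.168.0.160/28 destination in that line) are constructed assumptions.

```python
import ipaddress
import re

# PAGE_LINE is the ACL entry shown in the question; BROKEN and FIXED are constructed.
PAGE_LINE = "access-list NONAT extended permit ip any 192.168.0.160 255.255.255.240"
BROKEN = "access-list NONAT extended permit ip 192.168.1.0 255.255.255.0 192.168.0.160 255.255.255.240"
FIXED = "access-list NONAT extended permit ip 192.168.0.0 255.255.0.0 192.168.0.160 255.255.255.240"

INSIDE = ["192.168.1.0/24", "192.168.13.0/24"]  # assumed inside networks
POOL = "192.168.0.160/28"                        # assumed VPN client pool


def _take_network(tokens):
    """Consume one ASA address spec: 'any', 'host A.B.C.D' or 'A.B.C.D MASK'."""
    head = tokens.pop(0)
    if head == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{head}/{tokens.pop(0)}")


def parse_exemptions(config, acl_name):
    """Return (source, destination) networks for each 'permit ip' entry of the ACL."""
    pattern = rf"\s*access-list {re.escape(acl_name)} extended permit ip (.+)"
    pairs = []
    for line in config.splitlines():
        m = re.match(pattern, line)
        if m:
            tokens = m.group(1).split()
            src = _take_network(tokens)
            dst = _take_network(tokens)
            pairs.append((src, dst))
    return pairs


def uncovered(config, acl_name, inside_nets, vpn_pool):
    """List inside networks whose traffic to the VPN pool no single entry exempts."""
    pool = ipaddress.ip_network(vpn_pool)
    pairs = parse_exemptions(config, acl_name)
    return [
        str(net)
        for net in map(ipaddress.ip_network, inside_nets)
        if not any(net.subnet_of(s) and pool.subnet_of(d) for s, d in pairs)
    ]


if __name__ == "__main__":
    for label, cfg in (("page", PAGE_LINE), ("broken", BROKEN), ("fixed", FIXED)):
        print(label, "-> not exempted:", uncovered(cfg, "NONAT", INSIDE, POOL))
```

Running it against a saved configuration before and after a change shows which inside subnets lost their exemption, which is the comparison that exposed the mistake here.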