Cisco :: Users From Remote Access VPN Can't Access Other Subnet

Nov 1, 2011

Based on my diagram, my computer A (192.168.100.11) can ping and access my computer B (192.168.10.14). But, when i'm home and i use remote access vpn (192.168.200.x) in cisco asa 5520 to connect to my computer A is okay. But, when i try to ping my computer B is not okay. I already do the exemption for 192.168.100.x and 192.168.10.x in nat rules for inside interface (192.168.100.2) ...

Should i put routing from outside 1.1.1.2 to 192.168.10.x by using 192.168.100.1 as a gateway?

View 1 Replies


ADVERTISEMENT

Cisco VPN :: ASA 5510 - AnyConnect Users Unable To Access Remote Subnet

Jun 9, 2013

I have a weird problem which I have already submitted a TAC ticket about. When users authenticate through AnyConnect into our HQ ASA 5510 they grab an address from 172.16.254.x. What we have been noticing intermittently is that when logged into our network through the client they are unable to access their resources at one of our remote offices which is connected over l2l to the HQ ASA. This problem just started randomly a week ago and we have been working with Cisco trying to create a solution.
 
My quick fix is logging into a device at the remote office which is trying to be accessed and pinging the gateway of the virtual subnet for AnyConnect users. When I ping 172.16.254.1 it goes through after a few dropped icmp packets and then the issue is resolved for about 8 hours or so.

View 1 Replies View Related

Cisco Routers :: RV220W PPTP Users Unable To Access Subnet Across Tunnel

Apr 21, 2012

I have two offices connected with an IPSEC VPN tunnel using RV220W routers.  The Tunnel works fine for local users between the two sites(Site 1:10.0.0.x; site 2 is 10.0.2.x).  I have also set up PPTP users for remote access.  PPTP users that connect to site 1 cannot access site 2 and vice versa.   The PPTP users have no trouble accessing the resources on the site that they connect to.  I have tried activating RIP and adding various static routes with no success.  If I PPTP connect to site 1 and I tracert to an IP address on site 2 the route goes to the site 1 router and then goes to the internet(connected to the site 1 router) where it stops.

View 2 Replies View Related

Cisco Firewall :: 5505 / How To Give Access To Remote Subnet

Mar 23, 2011

I want to give access to remote subnet on firewall 5505.

Remote subnet is 16x.15X.56.0

Here is my access list

access-list outside_5_cryptomap extended permit ip 192.168.12.0 255.255.254.0 16x.15X.56.0 255.255.254.0

View 7 Replies View Related

Protocols / Routing :: Access Secondary Subnet From Remote Location?

Apr 12, 2011

Main Site allows communication from Remote Site via VPN to Windows ServerMain Site also has a secondary subnet that communicates ONLY through internet but NOT to the Windows Server.Sonicwall 192.168.168.x is main siteRemote Site is 192.168.0.x connecting to Main Site to access shared folders on serverSecondary subnet at Main Site is 192.168.0.x using Windows XP PC's. They are accessing a linux server at 192.168.0.215 which Main Site has no access to.VPN remote ip's are 192.168.0.x - they can successfully access the Windows Server at 192.168.168.100 BUT NOT 192.168.0.215.GOAL: Want to connect Remote Site to Secondary subnetWilling to make router changes or whatever is necessary to get Remote Site to access Secondary Subnet with the only exception that the Secondary Subnet REMAINS.VPN DHCP is turned off but willing to turn it on.Willing to make the Linux Server 'discoverable' on the Windows Server. Don't know linux at all but another co-worker set it up and can make changes.

View 4 Replies View Related

Cisco Firewall :: Access ASA5505 With Telnet Or ASDM From Remote Subnet?

Jul 11, 2012

I have a network with 3 sites that are on different subnets.  Each site has an ASA Right now, I am only able to connect to the ASA that is connected to the subnet I am connected to.I want to be able to connect to the ASA that are on the remote subnets on the address of the inside interface.The sites are connected all together by site-to-site VPN.Is there any way I can achieve that without opening the outside interface directly on the Internet?

View 2 Replies View Related

Cisco VPN :: 5510 Restrict Remote VPN Access For MAC OS X Users

Feb 12, 2013

I need a way to block MAC OS X users connecting remotely to our coporate users over VPN. I know there is an option to block connections based on VPN client Version, but cant find a way to block users based on operating system.
 
We use Cisco ASA 5510 firewals one with v8.2(1) and other with v7.2(3). I need to do on both firewalls. They are both at diffrent sites.

View 4 Replies View Related

Cisco VPN :: ASA5510 Configured Remote Access To Allow Users Log In Via SSL VPN

Apr 12, 2011

We have a high availability pair of ASA 5510's in Data Centre where we have configured remote access to allow users log in via SSL VPN, now we want to add further security to our environment we are adding endpoint assessment licenses...the question I have would I need two sets of the license ASA-ADV-END-SEC ?
 
I learned the hardway before with ASA SSL VPN licenses breaking other failover pair as it needed identical licenses on both units! Will I need 2 separate license sets to keep my firewalls in a HA pair?

View 1 Replies View Related

How To Force Users To Log Off And Access Remote Desktop Computers

Mar 16, 2011

I was trying to access some computers in network via remote desktop. All those computers had been used by other staffs.What I noticed that, for some computers I can access via remote desktop by forcing them to log off (people who were using the computers)But for some computers, I got the message similar to "user is currently logged onto the computer, you are not allowed to connect"I want to force them too and access these computers. How I can do it?

View 6 Replies View Related

Cisco Switching/Routing :: 3600 Accessing Wireless Access Point From Remote Subnet

Mar 28, 2013

I recently installed a couple of Cisco Aironet 3600 Series Wireless Access Points at a remote site. While I was at the site everything seemed OK, The clients were able to get connected to the access points, the guest network worked fine, I could SSH into the access points, and I could ping them. The problem is when I went back to my home site I tried to SSH into the access points through an ASA IPSec VPN Tunnel and it couldn’t find it. When I try to ping the access points they “time out”. I can ping and connect all other addresses (via RDP, HTTP, etc..) on the same subnet which should rule out an access list problem. A couple of notes to be aware of:
 
The WAP’s have the Autonomous IOS installed (Version 15.2(2)JB) The WAP’s are connected to Dell PowerConnect 5724 (Not by choice.. We are a Cisco shop, these were already there and have plans this year to replace) 

I can ping and SSH with Putty to the WAP’s from the local subnet I cannot ping or SSH from a remote subnet to the WAP’s. I can access all other IP’s and Computers from a remote subnet.

View 12 Replies View Related

Cisco WAN :: 6500 - Remote Vpn Users Cannot Access Webserver Locally

Sep 14, 2011

I configurated ipsec remote vpn at catalyst 6500.
 
192.168.14.0/24-- my servers are assigned this subnet
vpn user:10.10.10.0/24
192.168.10.229  ----  webserver ip address

[code]...

View 3 Replies View Related

Cisco Firewall :: 5510 Access List For Remote Vpn Users

Apr 5, 2011

How to designate access-list for the remote access vpn users in order to let them access specific subnet or host,asa 5510 and acs is in the picture

View 9 Replies View Related

Cisco VPN :: ASA 5510s / Remote VPN Users Need To Access Networks Connected By Static VPN

Oct 23, 2012

I have five (5) sites all connected via static VPN tunnels.  They are all using Cisco ASA 5510s running 8.4(4)1. Any internal IP on each site can ping any IP on a remote site, because of the static VPN tunnels.  I have the external IP (routeable) addresses connecting to each other.

Site A: 10.1.0.0 /24
Site B: 10.2.0.0 /24
Site C: 10.3.0.0 /24
Site D: 10.5.0.0 /24
Site E: 10.10.0.0 /20

I have remote users who connect using Cisco AnyConnect 3.1 to Site E.  They get a static IP within the 10.10.100.0 /24 subnet (vpnpool00) and can access anything in the 10.10.0.0 /20 subnet. So far, so good.No management wants users to access devices within the other sites, specifically Site A using teh same AnyConnect connection.  In other words, they get an Ip address of say, 10.10.100.5 and now need to access a server on Site A's subnet or 10.1.0.5.I have checked my NAT statements and they appear to allow this, but so far when I do a ping I get the following:  Routing failed to locate next hop for ICMP from outside: 10.10.100.5/1 to inside: 10.1.0.5/0 What am I missing?  Is there a NAT statement that is wrong, or an access-list statement or possibly a static route?

View 10 Replies View Related

Cisco Routers :: RV016 VPN To Allow Remote Users To Access Network Shares Via Samba

Jul 4, 2012

My company is using an RV016 router as a gateway to our internal network. My end goal is to allow remote users to access network shares via Samba.I've been trying to create a VPN using the router with absolutely no luck. I've tried QuickVPN. I've tried creating a client-to-site group vpn. I've tried creating a client-to-site tunnel vpn. I've tried pptp. Nothing will allow me to establish a VPN connection. Sometimes there is information logged in the router but most of the time there is not.

View 1 Replies View Related

Cisco VPN :: ASA 5510 - Remote Subnet Group To Access Other Site-site VPN?

Feb 14, 2011

I have a cisco ASA 5510 at the branch here. It terminates about 8 vpn tunnels and also it supports remote access clients. I just have a quick question. Can my remote sub-net group access the other remote access site-site VPN subnet group. If yes then how should i configure it.

View 6 Replies View Related

Cisco VPN :: ASA 5510 - AnyConnect Users Cannot Access Remote Office Over Site-to-site

Jul 15, 2012

we have two ASA 5510s one in 8.4(4) and one in 8.2(5) in a site-to-site VPN setup. All internal traffic is working smoothly.Site/Subnet A: 192.160.0.0 - local (8.4(4)) Site/Subnet B: 192.260.0.0 - remote (8.2(5)) VPN Users: 192.160.40.0 - assigned by ASA When you VPN into the network, all traffic hits Site A, and everything on subnet A is accessible.

Site B however, is completely inaccessible for VPN users. All machines on subnet B, the firewall itself, etc... is not reachable by ping or otherwise.There are also some weird NAT rules that I am not happy with that were created after I upgraded Site A ASA to 8.4

Site A internal: 192.160.x.x     External: 55.55.555.201(main)/202(mail)
Site B (over site-to-site) is 192.260.x.x     External: 66.66.666.54(all)

I pretty much just have the basic NAT rules for VPN, Email, Internet and the site-to-site.What do I need to add for the VPN to be able to access the site-to-site network?

Here is my NAT config:

nat (inside,Outside) source static DOMAIN_LOCAL DOMAIN_LOCAL destination static VPN_Network VPN_Network no-proxy-arp route-lookup
nat (inside,Outside) source static DOMAIN_LOCAL DOMAIN_LOCAL destination static DOMAIN_REMOTE DOMAIN_REMOTE no-proxy-arp route-lookup
!
object network DMZ_Network
nat (DMZ,Outside) dynamic interface
object network DOMAIN_LOCAL

[code]....

View 3 Replies View Related

Cisco VPN :: ASA 5505 / Remote Access VPN - Unable To Access Internal Network

May 7, 2012

I have created remote access vpn in my ASA 5505. The tunnel is established but i am not able to access the internal network.

View 3 Replies View Related

Cisco :: Remote Access Vpn Virtual Access Lines Getting Clogged Up?

Aug 16, 2012

Im currently connected to a remote acess vpn setup using the vpn client and am unable to get anywhere around my network, this normalyl works fine The only difference i can see is that the are multiple virtualaccess interfaces pointing to my public ip address, which im presuming is causing routing issues How can i clear these unsed virtual access lines and how can i make it forget them automatically after disconnects?

View 5 Replies View Related

Cisco VPN :: ASA5510 Unable To Access Some Segments From Remote Access VPN

May 17, 2011

We have an ASA5510 and a few days ago we were unable to access some segments from remote access VPN, the problem was not the config.  A few hours later the problem was resolved on its own and I suspect we have an IOS bug.  This has happened a few times in the past and its becoming an issue. How can this be confirmed and which IOS should we upgrade to?  Prefer not 8.3 given the syntax difference

View 1 Replies View Related

Access Devices On A Different Subnet?

Aug 23, 2011

One is my HOME the other is my CARAVAN SITE. both networks are working fine independently, the problem occurs when i join the networks togetherI need to connect the said networks together in order to view my IP cameras which are dotted all around the campsite, i need to be able to view these from HOME.The problems i am having is DHCP servers are stealing clients from the other sides and directing them to the wrong gateway.please see below network map (these routers are all running DDWRT)Below is another network map which someone on another forum told me to do but its still not working. (DHCP servers are still clashing and still stealing clients)by the way, on both of the network maps all routers are connected with the LAN interface. someone told me to connect certain routers with WAN and it didn't work, or it was not explained correctly.Also please note that assigning clients with Static IP's is completely out of the question due to most of the clients being campers who come and go.

View 9 Replies View Related

Access Devices On Different Subnet?

Aug 23, 2011

I have a problem with my 2 networks which are 1000 meters apart.One is my HOME the other is my CARAVAN SITE. both networks are working fine independently, the problem occurs when i join the networks together.I need to connect the said networks together in order to view my IP cameras which are dotted all around the campsite, i need to be able to view these from HOME.The problems i am having is DHCP servers are stealing clients from the other sides and directing them to the wrong gateway.please see below network map (these routers are all running DDWRT)if(GetCookie('computingnet_image') == 'yes') { document.write(''); }Below is another network map which someone on another forum told me to do but its still not working(DHCP servers are still clashing and still stealing clients)by the way, on both of the network maps all routers are connected with the LAN interface.someone told me to connect certain routers with WAN and it didn't work, or it was not explained correctly.Also please note that assigning clients with Static IP's is completely out of the question due to most of the clients being campers who come and go.

View 1 Replies View Related

Access To Internet From 2nd Subnet

Mar 15, 2013

I have setup my network with two subnets (192.168.0.x and 192.168.1.x) and have a number of clients on both.I am using a Vigor 2750n router as my 'primary' router, and have a Server 2008 machine running RRAS as my other 'router'on the 192.168. 1. x subnet.On the 192.168.1.x network I have a server running DNS for local queries on that subnet and have 8.8.8.8 setup as a DNS forwarder. On the 192.168.0.x subnet I use the google DNS 8.8.8.8.I have setup a static route between the two subnets and am able to ping clients between each subnet.With regards to internet access, I am unable to get access to the internet from the 192.168.1.x subnet (no problems from 192.168.0.x subnet) and am unable to even ping a web IP address, and am wondering if I need to make any changes to the 2750's configuration to allow traffic from the other one to get out to the internet.

View 3 Replies View Related

Access NAS Drive On Different Subnet?

Jan 12, 2012

I have a server which has multiple NIC's.NIC 1 is connected to the network / internet etc.NIC 2 is connected to a NAS drive.Obviously I can access the NAS drive from the server, but how can I access the NAS drive from devices on the network i.e. on NIC 1?Is it possible to access the NAS from a different subnet?

View 5 Replies View Related

Access To Internet From 2nd Subnet?

Mar 15, 2013

I have setup my network with two subnets (192.168.0.x and 192.168.1.x) and have a number of clients on both. I am using a Vigor 2750n router as my 'primary' router, and have a Server 2008 machine running RRAS as my other 'router' on the 192.168.1.x subnet.

On the 192.168.1.x network I have a server running DNS for local queries on that subnet and have 8.8.8.8 setup as a DNS forwarder. On the 192.168.0.x subnet I use the google DNS 8.8.8.8.

I have setup a static route between the two subnets and am able to ping clients between each subnet.With regards to internet access, I am unable to get access to the internet from the 192.168.1.x subnet (no problems from 192.168.0.x subnet) and am unable to even ping a web IP address, and am wondering if I need to make any changes to the 2750's configuration to allow traffic from the other one to get out to the internet.

View 7 Replies View Related

Cisco VPN :: RV042 - Cannot Access Resources With Same Subnet

Aug 19, 2011

I have an RV042 with the PPTP server configured, which is working because I can connect with my iPad and droid phones, however, I'm unable to access resources on the RV042 side (192.168.1.X) when my local network is the same ip scheme (192.168.1.x). It works fine when I'm on a different network like 3G or someone else's Wifi network (192.168.11.X).

View 1 Replies View Related

Cisco WAN :: 2960 - VLan 2 Subnet Without Access Together

Dec 26, 2011

i have 2x 27 subet ( we will call first /27 fip and call second /27 sip) we assign sip subnet to our virtual machine and we do not want assign ip from sip to our physical node and we wan assign ip from fip subnet to our physical server, because we want sip can not spoof physical server ips, so when we create vlan in our switch we set port 1 and fip and sip subnet access to this vlan in this senario can my virtual machine spoof our physical node ip ? some one in my datacenter technical team told me we should create vlan for fip and create a seprate vlan for sip then set vlan fip and vlan sip access to switch port #1 is it right? if it is ok can some one give me the commands for this senario which create 2 spetare vlan and access them to port siwtch #1 for exaple? we have cisco 2960 48 port ,

View 2 Replies View Related

Access Computer In LAN Outside Subnet Mask?

Jun 12, 2012

I have old interface hardware with Static IP 10.2.2.200 and on the same switch I have computers with IPs of 10.4.1.0 If I change subnet to 255.0.0.0 old hardware with 10.2.2.200 will be accessible. The problem is that I would like to have 255.255.255.0 as subnet but it should still be possible to access 10.2.2.200. Can I add Static route for oldhardware in XP without adding gateway settings? The most simple would be to put all on same subnet but it is not possible due to a various reasons. The computers are running Windows XP

View 10 Replies View Related

Cisco Switching/Routing :: SG 200-26P Cannot Access Web Interface From Different Subnet

May 24, 2012

Got a shiny new SG 200 26P which seems to work fine operationally.owever, when I am trying to access the web interface from a different IP subnet, the web brower just times out.If I put my PC on the same IP subnet, it works just fine. From the other subnet, I can ping the switch fine. The default gateway is set on the switch, and from the web interface I can ping and dns resolve other hosts and on the internet. I've tried to create a management profile to 'allow all from everywhere' basically, but still no luck.I'm completely stumped.  I've tried to reset to firmware defaults, and I'm now runinng the latest firmware. I woudl suppose that the switch would allow itself to be managed via the web interface from all subnets by default. Any thoughts?  The fact that the switch can ping internet hosts makes be believe it's own default gateway and IP are all ok and working.. (and I can ping it from anywhere in my network).

View 4 Replies View Related

Cisco Firewall :: ASA 5510 - Can't Access Server On Different Subnet

Sep 7, 2011

First off, let me preface this by saying that I'm a novice when it comes to firewalls and more specifically, the ASA.  I do however, have an above average understanding of switches/routers.
 
We have an ASA 5510 running 8.3 and recently I've decided to clean up the last admin's mess.  All hosts and servers are on the same subnet, multiple subnets on the same VLAN... and a slew of other problems.  Anyway, I recently placed the IT department on another subnet to test some things out before I migrated other departments to different networks.  Everything seems to be working as it should be with the exception of one of our servers.  The IT subnet is 192.168.150.0/24 and the problem server is on the 192.168.10.xxx network.  I'm guessing the issue lies somewhere in the fact this server does have a static NAT and is accessible from the public.  Let me give you an overview of what our network looks like:
 
ISP ---->ASA----->3750----->2960
 
My workstation is directly plugged into the 3750 switch, and the server is plugged into the 2960.  I'm able to ping this server by both IP and hostname.  However, I cannot access port 80 by IP or hostname.  The users that are on the 192.168.10 and 192.168.11 (sadly both of those are on the same VLAN) network are able to access this server without a problem.  Thinking logically, I thought I would send a packet from my workstation, it would head to the layer 3 switch's VLAN interface corresponding to my subnet, realize the .10 network is directly connected and then forward the packet straight to the server.  However, it doesn't seem to be working that way.  It look like it's being routed to the ASA then being dropped.  I guess there's an access rule or firewall rule preventing me from getting to the server.  Is there a specific part of my config you will need to see...

View 15 Replies View Related

Cisco :: ASA 5505 Series / Unable To Access New Subnet

Dec 7, 2011

I am working on a site that has recently added a new subnet and I am unable to ping any of the stations on this new network. I have configured an Exempt NAT rule just the same as the rules allowing access to other networks. I have a feeling the problem is in the Site-to-Site VPN configuration since the new subnet is at the primary location over the VPN.
 
In the site-to-site configuration I added the new subnet to the list of "Remote Networks" and I still can't communicate with any of the devices on the network. If I go to the main site I have no problems so it appears to be related to the VPN or a configuration in the ASA on that site.
 
A port scan shows that all the traffic is "filtered" so somewhere either the site ASA or the main ASA is blocking the traffic.

View 7 Replies View Related

Cisco Routers :: RV042 - VPN Access Resources With Same Subnet?

Aug 24, 2011

I have an RV042 with the PPTP server configured, which is working because I can connect with my iPad and droid phones, however, I'm unable to access resources on the RV042 side (192.168.1.X) when my local network is the same ip scheme (192.168.1.x). It works fine when I'm on a different network like 3G or someone else's Wifi network (192.168.11.X).

View 1 Replies View Related

Dual DHCP Or Access Devices On Different Subnet?

Aug 23, 2011

I have a problem with my 2 networks which are 1000 meters apart.One is my HOME the other is my CARAVAN SITE. both networks are working fine independently, the problem occurs when i join the networks together.I need to connect the said networks together in order to view my IP cameras which are dotted all around the campsite, i need to be able to view these from HOME.The problems i am having is DHCP servers are stealing clients from the other sides and directing them to the wrong gateway.please see below network map (these routers are all running DDWRTBelow is another network map which someone on another forum told me to do but its still not working. (DHCP servers are still clashing and still stealing clients)y the way, on both of the network maps all routers are connected with the LAN interface. someone told me to connect certain routers with WAN and it didn't work, or it was not explained correctly.Also please note that assigning clients with Static IP's is completely out of the question due to most of the clients being campers who come and go

View 1 Replies View Related

Access Device On Loop Back Subnet

Jul 12, 2011

I am working with a device that does not have a physical reset button on it, and have mistakenly typed in 127.x.x.127 for it's IP. I was trying to use 172, but mistyped and didn't catch it until after I had rebooted the unit. Is there anyway that I might be able to gain access to the device. My PC is running Windows 7, but I am familiar with linux as well. I have attempted to change the loopback adapter IP to 128 on a ubuntu live disc and set my ethernet port to the subnet the device is on with no avail. (I am also using vlans on the device, but believe I have them set up correctly)the device is set to IP: 127.x.x.127 netmask 255.255.255.128. [code] I know that the last octet of 127 is the broadcast IP for the range, but have been able to address similar blunders before by forcing myself to a /24 subnet to correct that.

View 5 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved