[Other] Static Route Question in Cisco

[Other] Static Route Question in Cisco http://www.dslreports.com/forum/r22624866 en Thu, 26 Nov 2009 21:06:15 EDT Thu, 26 Nov 2009 21:06:15 EDT Re: [Other] Static Route Question http://www.dslreports.com/forum/remark,22649776 Matt :

said by tubbynet

said by Matt

:

Would you mind sending one as well?

done and done. though i would think that you have a little more pull since you've been here longer ;-).
i'm just a newcomer.... :D

q.

Eh, that's doubtful. Perhaps the mod didn't think it should have been moved since I was the only one who responded. I appreciate it.]]> http://www.dslreports.com/forum/remark,22649776 Fri, 03 Jul 2009 13:16:18 EDT Re: [Other] Static Route Question http://www.dslreports.com/forum/remark,22649193 tubbynet :

said by Matt

:

Would you mind sending one as well?

done and done. though i would think that you have a little more pull since you've been here longer ;-).
i'm just a newcomer.... :D

q.
--
"...if I in my north room dance naked, grotesquely before my mirror waving my shirt round my head and singing softly to myself..."]]> http://www.dslreports.com/forum/remark,22649193 Fri, 03 Jul 2009 11:08:11 EDT Re: [Other] Static Route Question http://www.dslreports.com/forum/remark,22649027 Matt :

said by tubbynet

:

its hard to speculate what is messed up without seeing the config. this is more appropriate in the cisco forums, however.

I sent a Hey Mod and asked it to be moved, but it never was. Would you mind sending one as well?]]> http://www.dslreports.com/forum/remark,22649027 Fri, 03 Jul 2009 10:29:16 EDT Re: [Other] Static Route Question http://www.dslreports.com/forum/remark,22648383 tubbynet :

said by Pluto1914

:

But I have even tried adding rules to allow bidirectional communication between the two networks on all ports and so far...nothing

the asa isn't looking for firewall rules to permit traffic. two things *must* be enabled for proper communication across vpn (aside from the usual connection ike phase i and ii stuff).

(a) you must allow the subnet to be tunneled across the vpn if you are using a split-tunnel vpn. if your client isn't made aware of the network (or specific device) then it will never know to pass packets across the vpn interface

(b) the subnet or host *must* be nat exempt in the access-list referenced by the nat0 statement to the vpn subnet (i.e. if your vpn is connected on 1.1.1.1 and your client is 2.2.2.2, then you must deny nat from 1.1.1.1 to 2.2.2.2, otherwise communication won't work).

its hard to speculate what is messed up without seeing the config. this is more appropriate in the cisco forums, however.
you may also try googling for the cisco asa configuration guide for your version of the asa-os. it should have a good reference to get you started on configuring the vpn.

q.
--
"...if I in my north room dance naked, grotesquely before my mirror waving my shirt round my head and singing softly to myself..."]]> http://www.dslreports.com/forum/remark,22648383 Fri, 03 Jul 2009 02:38:36 EDT Re: [Other] Static Route Question http://www.dslreports.com/forum/remark,22633119 Matt :

said by Pluto1914

:

No, as I thought they should. But I have even tried adding rules to allow bidirectional communication between the two networks on all ports and so far...nothing

I don't think a static route is the answer here. It sounds to me like your ASA or the Cisco VPN Client may be misconfigured. Let me see if I can get this moved to the Cisco or Enterprise Admins forum for you.]]> http://www.dslreports.com/forum/remark,22633119 Tue, 30 Jun 2009 10:00:00 EDT Re: [Other] Static Route Question http://www.dslreports.com/forum/remark,22631292 Pluto1914 : No, as I thought they should. But I have even tried adding rules to allow bidirectional communication between the two networks on all ports and so far...nothing]]> http://www.dslreports.com/forum/remark,22631292 Mon, 29 Jun 2009 22:01:03 EDT Re: [Other] Static Route Question http://www.dslreports.com/forum/remark,22631184 Matt :

said by Pluto1914

:

Thats right. The bosses can be out and about and they want the ability to fire up the VPN and use the AVL client like they are sitting at their desks.

Your ASA should take care of the routes for you. When a user connects to the ASA, can they not access the XP machine already?]]> http://www.dslreports.com/forum/remark,22631184 Mon, 29 Jun 2009 21:42:52 EDT Re: [Other] Static Route Question http://www.dslreports.com/forum/remark,22631098 Pluto1914 : Thats right. The bosses can be out and about and they want the ability to fire up the VPN and use the AVL client like they are sitting at their desks.]]> http://www.dslreports.com/forum/remark,22631098 Mon, 29 Jun 2009 21:26:35 EDT Re: [Other] Static Route Question http://www.dslreports.com/forum/remark,22629350 Matt : That does clarify. One more thing, when you say you want the VPN users access to "the client," you mean the XP machine correct?]]> http://www.dslreports.com/forum/remark,22629350 Mon, 29 Jun 2009 15:58:57 EDT Re: [Other] Static Route Question http://www.dslreports.com/forum/remark,22629254 Pluto1914 : The Server - Windows XP Pro SP3. Runs the AVLS server application which receives the location data from the modems and translate that to its mapping software for tracking.

The VPN connection is handled via the Cisco ASA Firewall

There are three networks involved in this setup.

The VZW network with the DUN Modem.
The work LAN where the server sits.
Finally the VPN network which has full access to the LAN for the server.

I hope this helps.]]> http://www.dslreports.com/forum/remark,22629254 Mon, 29 Jun 2009 15:41:21 EDT Re: [Other] Static Route Question http://www.dslreports.com/forum/remark,22625897 Matt : Unfortunately, your post isn't very clear, so we'll need some more information.

First, what is the "server?" What OS? What does it do?

Secondly, what is handling your VPN connectivity?

Thirdly, if I understand your post correctly, it looks like you have a "work" network and some "other" network. The VPN connects to the "other" network. Does the "work" network and the "other" network have any sort of physical connectivity?]]> http://www.dslreports.com/forum/remark,22625897 Sun, 28 Jun 2009 22:00:52 EDT [Other] Static Route Question http://www.dslreports.com/forum/remark,22624866 Pluto1914 : We use AVL software at work. The server has an airlink modem on the verizon wireless network connected via a serial cable. Connectivity is made via a DUN connection. The server is also on works network so that admin's can use teh client software in house. We also use a VPN connection that allows admins access to network resources. The VPN is is a seoerate network form the LAN and through the firewall ist is allowed through.

I am trying to allow the users on the VPN connection access to the client. Unfortunately they cannot run the software. So I think if I put a route statement on the sever I should be able to rectify this. I just need help in establishing what the statement should be.

Any ideas?]]> http://www.dslreports.com/forum/remark,22624866 Sun, 28 Jun 2009 17:51:20 EDT