RA VPN users can not ping remote LAN
Hi, Joe,
I have that configured, otherwise we would not have connectivity across MPLS link if this line is not there.
Jian
On Sat, Jul 19, 2008 at 4:39 PM, Joseph Brunner wrote:
> Go ahead and give us a
>
> static (inside,mpls) 10.10.10.0 10.10.10.0 255.255.255.0 (in SJ)
>
> or
>
> static (outside,mpls) 10.10.10.0 10.10.10.0 255.255.255.0 (in SJ)
>
> You can troubleshoot these quickly with debugging logging. You'll see the failure of connections in the logs…
>
> -Joe
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Jian Gu
> Sent: Saturday, July 19, 2008 6:33 PM
> To: Cisco certification
> Subject: RA VPN users can not ping remote LAN
>
> Hi, all,
>
> This is a real world scenario, we have two offices one in San Jose and the other one in LA, the network is very simple, each office has a PIX 515 and has one L3 subnet directly attached to firewall's inside interface, the subnets are 192.168.1.0/24 and 192.168.2.0/24, respectively. Each firewall has two public IP addresses, one public address dedicated to Internet access and IPsec RA access, and the other public IP is dedicated for site2site VPN, the address pool for remote access VPN in SJ office is 10.10.10.0/24, while remote access pool in LA office is taken from 192.168.2.0/24 space. So everything worked fine, when employees VPN in to either firewall, they can access Email/files in either location.
>
> We now decided to get rid of the site2site VPN and go with MPLS VPN service provided by ATT, the MPLS VPN service was attached to third interface (nameif MPLS) in firewall, we changed the static route on firewall such that traffic between two offices are routed to interface MPLS, the cutover is successful, means that hosts in both offices can communicate with each other fine.
>
> The only problem is remote access users can only access servers in their local office but can not access servers (or ping) in remote office, I think somehow firewall does not route traffic coming from RA VPN to the new (MPLS) interface, but I can not figure out why is so, because the routing looks correct, and NAT translation also OK.
>
> If you guys have any suggestions, please guide, I can post the relevant configuration if that helps.
>
> Thanks,
> Jian
























