The Spyder
I need to clear my head a bit, things are so busy at work I am having trouble sorting out a simple routing issue.
I have a Cisco ASA 5515-x, set up as my router with a split-tunnel SSL VPN for remote users. It works great, except when connected via VPN I can only access the same subnet the ASA and HP switch reside on. My VLANs provided via my core HP 5406zl L3 switch are inaccessible. This must just be a simple routing issue, but between Cisco and HP I cannot wrap my head around it.
Comcast ---> Cisco ASA (VPN) 10.20.28.1 ---> HP (VLANs) ---> VLAN 1 - 10.20.28.254 (works fine over VPN), VLAN 45 - 10.20.45.254 (no access over VPN), VLAN 99 - 10.20.99.254 (no access over VPN)
Inter-VLAN routing works great; I can access VLAN 99 from VLAN 1 and vice versa. I have a route on the HP switch for 0.0.0.0 0.0.0.0 10.20.28.1 for internet access. On the Cisco I have a static route of 10.20.0.0 255.255.0.0 10.20.28.254. I believe my issue is that the HP requires your default gateway to be your VLAN IP for the inter-VLAN routing to work. With my split-tunnel SSL VPN, I do not believe it uses the correct routes.
My question is: Where and what routes do I need to add so that I can access the other VLANs when connected via VPN?
I have a test environment set up and I am going to start testing by disabling split tunneling to see if I can access the other VLANs.