客户端通过思科VPN客户端连接到ASA5510。 访问192.168.0.x子网工作正常,只是不能到达192.168.13.x. 我可以从ASA那里通过VPN连接来达到目的。 连接应该像这样的VPN客户端 – > 192.168.0.10 – > 192.168.0.1 – > 192.168.13.x如果您需要任何其他信息,我会在下面添加它。
显示来自ASA的路由:
S 10.0.0.0 255.0.0.0 [1/0] via 192.168.0.1, inside C 192.168.0.0 255.255.255.0 is directly connected, inside S 192.168.0.161 255.255.255.255 [1/0] via 208.78.xx, outside S 192.168.0.162 255.255.255.255 [1/0] via 208.78.xx, outside C 208.78.xx 255.255.255.240 is directly connected, outside S* 0.0.0.0 0.0.0.0 [1/0] via 208.78.xx, outside S 192.168.0.0 255.255.0.0 [1/0] via 192.168.0.1, inside 从VPN客户端路由打印:
Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 172.20.4.225 172.20.4.235 20 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 172.20.1.16 255.255.255.255 172.20.4.225 172.20.4.235 100 172.20.4.224 255.255.255.224 On-link 172.20.4.235 276 172.20.4.235 255.255.255.255 On-link 172.20.4.235 276 172.20.4.255 255.255.255.255 On-link 172.20.4.235 276 192.168.0.0 255.255.0.0 192.168.0.1 192.168.0.161 100 192.168.0.0 255.255.255.0 On-link 192.168.0.161 276 192.168.0.161 255.255.255.255 On-link 192.168.0.161 276 192.168.0.255 255.255.255.255 On-link 192.168.0.161 276 208.78.119.34 255.255.255.255 172.20.4.225 172.20.4.235 100 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 172.20.4.235 276 224.0.0.0 240.0.0.0 On-link 192.168.0.161 276 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306 255.255.255.255 255.255.255.255 On-link 172.20.4.235 276 255.255.255.255 255.255.255.255 On-link 192.168.0.161 276
。
access-list NONAT extended permit ip any 192.168.0.160 255.255.255.240
您的NATconfiguration(翻译和免除)对于VPN池来说是什么样的?
@evolvd也许记下什么解决scheme是未来的谷歌? 我会冒险猜测,在客户端进入的stream量在NAT上有一个更有限的ACL?