VPN clients cannot access one subnet

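Clients connect to an ASA5510 through the Cisco VPN client. Access to the 192.168.0.x subnet works fine; they just cannot reach 192.168.13.x. I can reach it from the ASA without problems, just not over the VPN connection. The connection should look like this: VPN client -> 192.168.0.10 -> 192.168.0.1 -> 192.168.13.x. If you need any other information, I will add it below.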

show route from the ASA:

S    10.0.0.0 255.0.0.0 [1/0] via 192.168.0.1, inside
C    192.168.0.0 255.255.255.0 is directly connected, inside
S    192.168.0.161 255.255.255.255 [1/0] via 208.78.x.x, outside
S    192.168.0.162 255.255.255.255 [1/0] via 208.78.x.x, outside
C    208.78.x.x 255.255.255.240 is directly connected, outside
S*   0.0.0.0 0.0.0.0 [1/0] via 208.78.x.x, outside
S    192.168.0.0 255.255.0.0 [1/0] via 192.168.0.1, inside

route print from the VPN client:

Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     172.20.4.225     172.20.4.235     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      172.20.1.16  255.255.255.255     172.20.4.225     172.20.4.235    100
     172.20.4.224  255.255.255.224         On-link      172.20.4.235    276
     172.20.4.235  255.255.255.255         On-link      172.20.4.235    276
     172.20.4.255  255.255.255.255         On-link      172.20.4.235    276
      192.168.0.0      255.255.0.0      192.168.0.1    192.168.0.161    100
      192.168.0.0    255.255.255.0         On-link     192.168.0.161    276
    192.168.0.161  255.255.255.255         On-link     192.168.0.161    276
    192.168.0.255  255.255.255.255         On-link     192.168.0.161    276
    208.78.119.34  255.255.255.255     172.20.4.225     172.20.4.235    100
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      172.20.4.235    276
        224.0.0.0        240.0.0.0         On-link     192.168.0.161    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      172.20.4.235    276
  255.255.255.255  255.255.255.255         On-link     192.168.0.161    276

access-list NONAT extended permit ip any 192.168.0.160 255.255.255.240

Answer 1

What does the NAT configuration (translation and exemption) for your VPN pool look like?

@evolvd Maybe document the solution for future Googlers? I am guessing there was a more restrictive ACL on the NAT for traffic coming from the clients?