So, not being a networking guy (casually working towards a CCNA for fun), I'm stumped with this ASA/ASDM issue. My current customer has two separate sites, one called HQ and one DR. Here are the facts:
- While on the HQ LAN I can access resources at DR
- While connected via VPN (Cisco through ASA firewall) I cannot access resources at DR
- I can ping/traceroute via ASDM (version 7.1) to DR resources via it's 'server-core' interface (which is how it's configured for other offices in the network, office synonymous with site for this exercise but they differ in purpose)
- The VPN IPv4 address assignment to client connections (AKA me off-site) is on the same subnet as the 'server-core' interface
- DNS lookup is enabled on 'server-core' interface so DNS resolves correctly
- ACL's for 'VPN_ACCESS' specify any/any permitted via IP
- I added a static route for troubleshooting purposes that matches the other offices (interface and gateway, obviously IP address would be different [would gateway too if this is a different connection {MPLS to DR site}?])
- When I tracert from my off-site VPN-connected desktop, it tries to hit the public IP of the ASA first hop. Super weird.
So yeah, nowhere near a networking guy. I understand things from an internal perspective (I'm an infra engi) but once you jump outside that I start losing speed. However, my gut has been a routing issue.
TIA
For example reference
HQ 10.10.0.0/16
DR 10.20.0.0/16
First thought...is this an EIGRP issue with the MPLS cloud? I feel like a dummy trying to talk about networking protocols
