06-19-2019 07:02 AM - edited 02-21-2020 09:13 AM
Hello,
I have 2 LANs connected across a VPN Site to Site with 2 Cisco ASA 5500. It is working OK, but on one of the ASAs the AnyConnect users need to connect to the other LAN across the VPN. Is that possible? Here is a basic diagram that I made for a better explanation.
Thanks
06-19-2019 08:07 AM - edited 06-20-2019 02:23 PM
Hi,
Yes, we can do it.
Steps to perform at LAN 1 ASA
1. Add Anyconnect VPN Subnet to Crypto ACL to allow for site to site VPN.
2. Allow access from Anyconnect VPN subnet to LAN2 Subnet in Anyconnect VPN.
3. Add No NAT for Anyconnect VPN Subnet.
Steps to perform at LAN 2 ASA
1. Add Anyconnect VPN Subnet to Crypto ACL to allow for site to site VPN.
06-20-2019 01:27 PM
Could you explain step 2 a little bit more?
2. Allow access from Anyconnect VPN subnet to LAN2 Subnet in Anyconnect VPN.
In Anyconnect?
Thanks
06-20-2019 02:26 PM
That looks to be a typo. You can check now.
11-15-2019 12:18 PM
Do I need to add a Route on the ASA LAN 1 to the LAN 2? I don't think so because the connection is on the same FW.
I think I already added the NAT Exemption but still not working.
06-19-2019 08:16 AM
10-28-2019 06:39 AM
How can I add the NO-NAT/NAT Rule? At this moment, this is the rule that was created automatically after I created the VPN Site to Site. Where am I going to create that rule?
11-15-2019 01:25 PM
Solution to this:
Steps to perform at LAN 1 ASA
1. Add Anyconnect VPN Subnet to Crypto ACL to allow for site to site VPN.
2. Allow access from Anyconnect VPN subnet to LAN2 Subnet in Anyconnect VPN.
3. Add No NAT for Anyconnect VPN Subnet.
Steps to perform at LAN 2 ASA
1. Add Anyconnect VPN Subnet to Crypto ACL to allow for site to site VPN.
Run these commands
- same-security-traffic permit intra-interface
- same-security-traffic permit inter-interface
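The steps in the solution above, written out as an ASA (8.3+ syntax) configuration. This is an added example, not configuration posted by anyone in the thread. The subnets, the interface name `outside`, and the names S2S_CRYPTO, SPLIT_TUNNEL and GP_ANYCONNECT are assumptions, and step 2 is read here as adding LAN 2 to the AnyConnect split-tunnel list.

```cisco
! Constructed example. Assumed addressing (not from the thread):
!   LAN 1 = 192.168.1.0/24, LAN 2 = 192.168.2.0/24, AnyConnect pool = 10.10.10.0/24
! S2S_CRYPTO, SPLIT_TUNNEL and GP_ANYCONNECT are hypothetical names; use the
! ACL and group-policy names already bound to your crypto map and tunnel group.

! ===== LAN 1 ASA (terminates AnyConnect and the site-to-site tunnel) =====
object network OBJ_LAN2
 subnet 192.168.2.0 255.255.255.0
object network OBJ_ANYCONNECT_POOL
 subnet 10.10.10.0 255.255.255.0

! Step 1: add the AnyConnect pool to the existing crypto ACL so that
! pool -> LAN 2 traffic is selected for the site-to-site tunnel.
access-list S2S_CRYPTO extended permit ip object OBJ_ANYCONNECT_POOL object OBJ_LAN2

! Step 2 (assumed to mean split tunneling): send LAN 2 traffic from the
! client into the AnyConnect tunnel. Not needed with a tunnel-all policy.
access-list SPLIT_TUNNEL standard permit 192.168.1.0 255.255.255.0
access-list SPLIT_TUNNEL standard permit 192.168.2.0 255.255.255.0
group-policy GP_ANYCONNECT attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL

! Step 3: NAT exemption. Both the AnyConnect clients and the remote peer
! are reached through "outside", so the identity NAT is outside-to-outside.
nat (outside,outside) source static OBJ_ANYCONNECT_POOL OBJ_ANYCONNECT_POOL destination static OBJ_LAN2 OBJ_LAN2 no-proxy-arp route-lookup

! Traffic enters and leaves on the same interface (hairpin), which the ASA
! drops unless intra-interface forwarding is enabled.
same-security-traffic permit intra-interface

! ===== LAN 2 ASA =====
object network OBJ_LAN2
 subnet 192.168.2.0 255.255.255.0
object network OBJ_ANYCONNECT_POOL
 subnet 10.10.10.0 255.255.255.0

! Step 1: mirror image of the LAN 1 crypto ACL entry. The two ends must
! match exactly or the IPsec SA for the pool will not come up.
access-list S2S_CRYPTO extended permit ip object OBJ_LAN2 object OBJ_ANYCONNECT_POOL
```

After connecting an AnyConnect client and sending traffic to LAN 2, `show crypto ipsec sa` on either ASA should list a security association whose local and remote identities are the pool and LAN 2. If the LAN 2 ASA translates inside traffic, its NAT exemption has to cover the pool as a destination as well, which the thread's steps do not list.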