11-15-2019 08:40 AM - edited 02-21-2020 09:42 AM
I have 2 LANs connected across a site-to-site VPN with 2 Cisco ASA 5500s. It is working OK, but on one of the ASAs the AnyConnect users need to connect to the other LAN across the VPN. Is that possible? Here is a basic diagram that I made for a better explanation.
11-15-2019 01:28 PM
Solution to this:
Steps to perform at LAN 1 ASA
1. Add AnyConnect VPN subnet to the crypto ACL to allow for site-to-site VPN.
2. Allow access from AnyConnect VPN subnet to LAN2 subnet in AnyConnect VPN.
3. Add No NAT for AnyConnect VPN subnet.
Steps to perform at LAN 2 ASA
1. Add AnyConnect VPN subnet to the crypto ACL to allow for site-to-site VPN.
Run these commands:
- same-security-traffic permit intra-interface
- same-security-traffic permit inter-interface
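
The steps above as an ASA configuration sketch (an added example, not part of the original answer). All subnets, object names, ACL names and the group-policy name are constructed placeholders; ASA 8.3+ NAT syntax is assumed, and step 2 is read here as a split-tunnel ACL entry.

```cisco
! ===== LAN 1 ASA (terminates AnyConnect) =====
! Constructed placeholder subnets: replace with your own
object network OBJ-AC-POOL
 subnet 10.10.100.0 255.255.255.0
object network OBJ-LAN2
 subnet 192.168.2.0 255.255.255.0

! Step 1: add the AnyConnect pool to the crypto ACL that the existing
! site-to-site crypto map already references with "match address"
access-list ACL-S2S-CRYPTO extended permit ip object OBJ-AC-POOL object OBJ-LAN2

! Step 2 (assumed to mean split tunneling): send LAN2 traffic from the
! client into the AnyConnect tunnel
access-list ACL-SPLIT-TUNNEL standard permit 192.168.2.0 255.255.255.0
group-policy GP-ANYCONNECT attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value ACL-SPLIT-TUNNEL

! Step 3: identity (no-NAT) rule. Client traffic arrives on outside and
! leaves on outside through the site-to-site tunnel, hence (outside,outside)
nat (outside,outside) source static OBJ-AC-POOL OBJ-AC-POOL destination static OBJ-LAN2 OBJ-LAN2 no-proxy-arp

! Lets traffic enter and exit the same interface (the hairpin above).
! "inter-interface" instead governs traffic between different interfaces
! that share the same security level.
same-security-traffic permit intra-interface

! ===== LAN 2 ASA (remote peer) =====
object network OBJ-LAN2
 subnet 192.168.2.0 255.255.255.0
object network OBJ-AC-POOL
 subnet 10.10.100.0 255.255.255.0

! Step 1: mirror image of the LAN 1 entry. Crypto ACLs on the two peers
! must mirror each other or the IPsec SA for this pair will not come up.
access-list ACL-S2S-CRYPTO extended permit ip object OBJ-LAN2 object OBJ-AC-POOL
```

Keeping the crypto ACL entries limited to the AnyConnect pool and the LAN2 subnet avoids exposing more of either site to remote-access clients than the request calls for.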