cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
378
Views
0
Helpful
3
Replies

Route RAVPN traffic over site to site tunnel

ironman28
Level 1
Level 1

We have users able to RAVPN to an office, but can't access another office.  There is a site-to-site VPN tunnel between the two offices.  The IPs user get when the remote in is 10.10.20.0/24 and the site they try to get to is 172.16.30.0/24.

Is this a routing issue or do I need to include the RAVPN subnet in the site-to-site tunnel or NAT issue?

3 Replies 3

@ironman28 you need to configure the command same-security-traffic permit intra-interface to allow the traffic to hairpin back out the same (outside) interface. You would need a NAT exemption rule to ensure the RAVPN ip pool networks are not unintentially translated. And you would also need to modify the crypto ACL (on both peers) to allow the RAVPN network over the S2S VPN.

Rob, 

Thank you for the suggestion.   It looks like we were able to fix it.   

If we want to limit the remote access VPN users to some servers over the S2S VPN, where should I apply the ACL?

Thanks,

can you share config ?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Review Cisco Networking products for a $25 gift card