
Letting AnyConnect client access site-to-site IPs

Obiben
Level 1

We have very limited access to the main office router config. Let's call that one 172.1.1.0

Our branch office is set up with a working site-to-site VPN that connects an IP group (.33,.34,.35,.36,.37) with our branch network (192.168.10.0/24).

 

My AnyConnect VPN gives IPs in the 192.168.6.0/24 subnet, since it cannot be one of the configured VLANs. Is there a way to push a route or something that would let clients from 192.168.6.0/24 subnet access 172.1.1.33-37 machines?


nagrajk1969
Spotlight

Hi

 

A) In the main-office Router:

 

1. Already existing ip-group named "localgroup1" : 172.1.1.33-37

2. Create another ip-group named "remotegroup1" and add the 2 subnets: 192.168.10.0/24, 192.168.6.0/24

3. Edit the existing S2S tunnel config and change the values as below:

 

Local-Ip-Type: IPGroup: Select "localgroup1"

Remote-IP-Type: IPGroup: Select "remotegroup1"

- all other configs continue to remain the same...just apply and save and wait for the branch office config changes to be applied next for the tunnel to come up

 

B) On the Branch office Router:

 

1. Create an ip-group named "localgroup1" and add subnets 192.168.10.0/24, 192.168.6.0/24

 

2. There must already be an existing ip-group for the Main-office subnet/machines; let us assume that it's named "main-remotegrp1"

 

3. So next, edit the existing S2S tunnel config and change the values as below:

 

Local-Ip-Type: IPGroup: Select "localgroup1"

Remote-IP-Type: IPGroup: Select "main-remotegroup1"

- all other configs continue to remain the same...just apply and save 

- and start sending traffic as earlier to bring up the s2s tunnel....

 

And now, once you connect the AnyConnect clients (with ipaddress 192.168.6.x), you may then communicate to 172.1.1.x also across the s2s tunnel
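An added example, not part of either post and not Cisco tooling: a Python model of the IP groups from the reply, checking whether the two routers' selectors mirror each other and whether an AnyConnect client address is covered on both ends. The function names are hypothetical, the client address 192.168.6.20 is made up, and the code assumes a policy-based tunnel where each side's local group must equal the peer's remote group.

```python
import ipaddress as ip

def expand(group):
    """Expand CIDR strings and (first, last) ranges into a collapsed network list."""
    nets = []
    for entry in group:
        if isinstance(entry, tuple):
            first, last = (ip.ip_address(a) for a in entry)
            nets.extend(ip.summarize_address_range(first, last))
        else:
            nets.append(ip.ip_network(entry))
    return list(ip.collapse_addresses(nets))

def covers(group, addr):
    return any(ip.ip_address(addr) in net for net in expand(group))

def mirrored(a, b):
    """Assumption: each side's local group must equal the peer's remote group."""
    return (expand(a["local"]) == expand(b["remote"])
            and expand(a["remote"]) == expand(b["local"]))

def tunnel_carries(main, branch, client, server):
    """True if client -> server traffic matches the selectors on both routers."""
    return (mirrored(main, branch)
            and covers(branch["local"], client) and covers(branch["remote"], server)
            and covers(main["remote"], client) and covers(main["local"], server))

# Constructed from the addresses in the thread.
HOSTS = [("172.1.1.33", "172.1.1.37")]           # main office "localgroup1"
LAN, POOL = "192.168.10.0/24", "192.168.6.0/24"  # branch LAN, AnyConnect pool

MAIN_BEFORE = {"local": HOSTS, "remote": [LAN]}
BRANCH_BEFORE = {"local": [LAN], "remote": HOSTS}
MAIN_AFTER = {"local": HOSTS, "remote": [LAN, POOL]}    # "remotegroup1"
BRANCH_AFTER = {"local": [LAN, POOL], "remote": HOSTS}  # branch "localgroup1"

if __name__ == "__main__":
    for label, main, branch in [("before", MAIN_BEFORE, BRANCH_BEFORE),
                                ("main only", MAIN_AFTER, BRANCH_BEFORE),
                                ("both sides", MAIN_AFTER, BRANCH_AFTER)]:
        ok = tunnel_carries(main, branch, "192.168.6.20", "172.1.1.35")
        print(f"{label:10} mirrored={mirrored(main, branch)} vpn client reaches .35: {ok}")
```

The "main only" row corresponds to the window after step A and before step B, when the groups no longer mirror; addresses outside .33-.37 stay unreachable for VPN clients even after both changes.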