You've obfuscated so much information I can't really help. I don't know what IP addresses are used for what.
Is outside_cryptomap_1 or outside_cryptomap_2 the VPN to the cloud service?
I can't generate any config for you because there isn't enough information.
You need to extend outside_cryptomap_2 to include the pool used for VPN users, on both ends of the VPN.
You then need to create a rule saying not to NAT traffic between the two VPNs, and an access rule to allow it.
So, below are the networks I have:
192.168.104.0/24 - Internal N/W
10.169.0.0/16 - Cloud N/W
192.168.125.1-192.168.125.10 (/24) - VPN Pool
Let me know if this info helps.
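Putting the advice in the reply above together with the three networks just listed, the pieces look like the following on the ASA. This is an illustration added here, not configuration from the thread or from Cisco; the object names, the access-list names other than outside_cryptomap_2, the pool name and the group-policy name are assumptions, and the interface names inside/outside are assumed to match the ASA's.

```cisco
! Objects for the networks listed in the thread (names are assumptions)
object network INTERNAL-NET
 subnet 192.168.104.0 255.255.255.0
object network CLOUD-NET
 subnet 10.169.0.0 255.255.0.0
object network VPN-POOL
 subnet 192.168.125.0 255.255.255.0

! Remote-access address pool (the range given in the thread)
ip local pool RA-POOL 192.168.125.1-192.168.125.10 mask 255.255.255.0

! 1. Crypto-map ACL for the cloud tunnel: the VPN pool must be "interesting
!    traffic" next to the LAN. The same two pairs have to be mirrored on the
!    AWS end of the tunnel, or AWS will never negotiate/route for the pool.
access-list outside_cryptomap_2 extended permit ip object INTERNAL-NET object CLOUD-NET
access-list outside_cryptomap_2 extended permit ip object VPN-POOL object CLOUD-NET

! 2. Identity (no-NAT) rules so both sources keep their real addresses toward
!    the cloud. Manual NAT like this sits in section 1 and is evaluated before
!    any "nat (inside,outside) dynamic interface" object rule that may exist.
nat (inside,outside) source static INTERNAL-NET INTERNAL-NET destination static CLOUD-NET CLOUD-NET no-proxy-arp route-lookup
nat (outside,outside) source static VPN-POOL VPN-POOL destination static CLOUD-NET CLOUD-NET no-proxy-arp route-lookup

! 3. A remote user's packet enters on outside and leaves on outside (into the
!    site-to-site tunnel); the ASA drops that unless hairpinning is permitted.
same-security-traffic permit intra-interface

! 4. Access rules. By default the ASA bypasses interface ACLs for traffic that
!    arrived over a VPN (sysopt connection permit-vpn); these lines only matter
!    if that bypass has been disabled with "no sysopt connection permit-vpn".
access-list inside_access_in extended permit ip object INTERNAL-NET object CLOUD-NET
access-list outside_access_in extended permit ip object VPN-POOL object CLOUD-NET

! 5. Remote-access clients only send the cloud prefix through the tunnel if the
!    split-tunnel list includes it (irrelevant if the policy is full-tunnel).
access-list SPLIT-TUNNEL standard permit 192.168.104.0 255.255.255.0
access-list SPLIT-TUNNEL standard permit 10.169.0.0 255.255.0.0
group-policy RA-POLICY attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-TUNNEL
```

The order matters in one place: the identity rules in step 2 must exist before any dynamic PAT that could also match the same flows, otherwise LAN or pool traffic toward 10.169.0.0/16 is translated to the outside address and never matches the crypto-map ACL.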
Apparently, I figured out something and it worked. I think I hadn't allowed the VPN pool network object, and hence the issue.
Thanks a lot for all your help
Just a quick question: now, if we want to allow some other site-to-site VPN to remote users, is it the same process? Can we add multiple IPs?
Thanks a lot
So, I got a problem :(
Now the VPN is working fine but the site-to-site VPN is not working. From the internal network I cannot ping any of the servers in the cloud, but strangely I'm able to connect once I VPN to the ASA.
Let me know what I messed up. Sorry to bug you again.
I'm going to guess that the NAT rules are not correct. Look in the log and generate some traffic. When it is broken, see if you are getting NAT or xlate errors. That will confirm it.
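The check suggested above can be done from the ASA itself without waiting for live traffic. These are added verification commands (not from the thread); the host addresses are assumed examples inside the networks the poster listed.

```cisco
! Simulate a LAN host pinging a cloud server. In the output, the NAT phase
! should show the identity rule (not a dynamic PAT), and the final lines
! should read "VPN encrypt" and "Action: allow".
packet-tracer input inside icmp 192.168.104.10 8 0 10.169.0.5 detailed

! Same destination, sourced from a connected remote-access user on outside.
! A drop with reason "(nat-no-xlate-to-pat-pool)" or "same interface" points
! at a missing identity rule or a missing "same-security-traffic" line.
packet-tracer input outside icmp 192.168.125.2 8 0 10.169.0.5 detailed

! Which NAT rule each real flow is hitting, with per-rule hit counts
show nat detail

! Is the tunnel to the cloud actually established and passing traffic?
! (#pkts encaps/decaps should increase while pinging)
show crypto ikev1 sa
show crypto ipsec sa

! Log messages that typically accompany a NAT or ACL mismatch:
! 305005 no translation group found, 305006 translation creation failed,
! 106023 denied by access-list
show logging | include 305005|305006|106023
```

If the LAN trace encrypts but the remote-user trace is dropped, the site-to-site side is fine and the problem is limited to the pool's NAT or the crypto-map ACL; if both are dropped at the NAT phase, an existing dynamic rule is translating the cloud-bound traffic.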
Everything is working fine. I need to go a bit deeper into this and allow the public IP of my AWS server to be accessed using the VPN.
So, let's say one of my SQL servers located in AWS has public IP 184.108.40.206 and I can access this server using my office WAN IP.
So now, if someone from outside does VPN to the Cisco ASA then they should be able to RDP to 220.127.116.11.
I know this has something to do with routing but I am unable to figure out how.
Is this possible? Please let me know.
Before, we were talking about using the site-to-site VPN you add to Amazon.
If you want them to access it via your user-to-site VPN and then pop out over the Internet, then add the public IP addresses of your AWS servers to the split tunnel ACL. You will also need to adjust your NAT configuration.
I did add the server IP to the split tunnel ACL but users are still unable to access the servers using the public IP.
Can you please share the config to adjust NAT.
It will be something like (where vpn-network is an object representing your VPN users):
object network vpn-network
 nat (any,outside) dynamic interface
Thanks this worked. :-)
Just curious to know: I hope my network is not exposed to the outside world by doing these configs and allowing access through the Internet?
Really appreciate all your help
What is ip name-server for?
Also, how do I configure the DNS of the ISP?
I'm going to serve DHCP from the firewall itself. So, clients should get the ISP's DNS from the firewall itself.
Thanks for help.