10-27-2017 01:31 AM - edited 03-05-2019 09:23 AM
Hi there,
My S2S tunnel works perfectly:
192.168.1.0/24 <--> 192.168.200.0/24
I'm able to connect via AnyConnect and reach all Network devices on subnet
192.168.98.0/24 <--> 192.168.200.0/24
But I'm not able to route from the VPN-connected client to HQ
192.168.98.0 <--> 192.168.1.0/24 NOT WORKING!
Headquarters (192.168.1.0/24):
-------------------------------
object network DIALIN_SUBNET2
 subnet 192.168.98.0 255.255.255.0
access-list VPN_splitTunnelAcl_1 standard permit 192.168.98.0 255.255.255.0
route inside 192.168.98.0 255.255.255.0 192.168.200.1 1
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
Subnet 2 (192.168.200.0/24):
-----------------------------
object network Office_HQ
 subnet 192.168.1.0 255.255.255.0
object network DIALIN_AnyConnect
 subnet 192.168.98.0 255.255.255.0
access-list inside_access_in extended permit ip any4 object Office_HQ
access-list Cisco_DIALIN_AnyConnect extended permit ip object LOCAL_LAN object Office_HQ
access-list outside_cryptomap_HQ remark ** S2S VPN **
access-list outside_cryptomap_HQ extended permit ip 192.168.200.0 255.255.255.0 object-group DM_INLINE_NETWORK_3
no arp permit-nonconnected
nat (inside,outside) source static any any destination static Office_HQ Office_HQ no-proxy-arp route-lookup
access-list VPN_splitTunnelAcl standard permit 192.168.200.0 255.255.255.0
access-list VPN_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0
access-list VPN_splitTunnelAcl standard permit 192.168.20.0 255.255.255.0
access-list VPN_splitTunnelAcl standard permit 192.168.95.0 255.255.255.0
access-list VPN_splitTunnelAcl standard permit 192.168.98.0 255.255.255.0
access-list VPN_splitTunnelAcl standard permit 192.168.99.0 255.255.255.0
access-list VPN_splitTunnelAcl standard permit any4
crypto map outside_map 1 match address outside_cryptomap_HQ
crypto map outside_map 1 set pfs
crypto map outside_map 1 set peer ************
crypto map outside_map 1 set ikev1 transform-set myset
crypto map outside_map interface outside
crypto ca trustpool policy
crypto isakmp identity address
crypto ikev1 enable outside
crypto ikev1 policy 9
 authentication pre-share
 encryption des
 hash sha
 group 1
 lifetime 86400
crypto ikev1 policy 30
 authentication pre-share
 encryption des
 hash sha
 group 2
 lifetime 86400
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
Any suggestions, please?
10-27-2017 03:54 AM
Hi @MikeMeier
Can you explain what this NAT does?
nat (inside,outside) source static any any destination static Office_HQ Office_HQ no-proxy-arp route-lookup
-If I helped you somehow, please, rate it as useful.-
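Added example, not part of the original thread or written by either poster: a small Python check of the conditions under which AnyConnect pool traffic (192.168.98.0/24), which enters and leaves the Subnet 2 ASA on the same outside interface, can reach HQ through the S2S tunnel. It runs over a subset of the lines posted in the question; the function name and check names are hypothetical, and the destination side of the crypto ACL is not evaluated because the members of DM_INLINE_NETWORK_3 are not shown.

```python
import ipaddress
import re

# Subset of the Subnet 2 lines posted in the question (copied, not complete).
CONFIG = """\
access-list outside_cryptomap_HQ extended permit ip 192.168.200.0 255.255.255.0 object-group DM_INLINE_NETWORK_3
nat (inside,outside) source static any any destination static Office_HQ Office_HQ no-proxy-arp route-lookup
access-list VPN_splitTunnelAcl standard permit 192.168.200.0 255.255.255.0
access-list VPN_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0
same-security-traffic permit intra-interface
"""

POOL = ipaddress.ip_network("192.168.98.0/24")  # DIALIN_AnyConnect
HQ = ipaddress.ip_network("192.168.1.0/24")     # Office_HQ


def _nets(pattern, config):
    """Return networks for every (address, mask) pair the pattern captures."""
    return [ipaddress.ip_network(f"{a}/{m}")
            for a, m in re.findall(pattern, config, re.M)]


def hairpin_checks(config, src, dst, crypto_acl, split_acl, iface="outside"):
    """Check the conditions for src (VPN pool) to reach dst over the S2S tunnel."""
    split = _nets(rf"^access-list {re.escape(split_acl)} standard permit (\d\S+) (\d\S+)$", config)
    crypto_src = _nets(rf"^access-list {re.escape(crypto_acl)} extended permit ip (\d\S+) (\d\S+) ", config)
    # Only the interface pair of static twice-NAT rules is compared here.
    nat_pairs = re.findall(r"^nat \((\w+),(\w+)\) source static ", config, re.M)
    return {
        # The client must send traffic for dst into the tunnel.
        "split_tunnel_includes_dst": any(dst.subnet_of(n) for n in split),
        # Traffic may enter and leave the same interface.
        "intra_interface_permitted": bool(
            re.search(r"^same-security-traffic permit intra-interface$", config, re.M)),
        # The crypto ACL must match the pool as source, or it is never encrypted.
        "crypto_acl_matches_src": any(src.subnet_of(n) for n in crypto_src),
        # An exemption rule for this flow would sit on the (iface,iface) pair.
        "nat_rule_on_hairpin_pair": (iface, iface) in nat_pairs,
    }


if __name__ == "__main__":
    result = hairpin_checks(CONFIG, POOL, HQ, "outside_cryptomap_HQ", "VPN_splitTunnelAcl")
    for name, ok in result.items():
        print(f"{'ok     ' if ok else 'MISSING'}  {name}")
```

For the posted lines, the split-tunnel and intra-interface conditions are met, while the crypto ACL only matches 192.168.200.0/24 as source and the only NAT rule shown is on (inside,outside). A NAT rule on the outside-to-outside pair matters only if another rule would otherwise translate the pool, and the HQ peer needs the mirrored crypto ACL entry.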