joe (Beginner)
Accessing branch offices connected to main office via L2L VPN through RA VPN

Hi All

I am trying to configure access to several remote offices for users who VPN into our main datacenter. The datacenter has a 5520, and the branches are connected through IPsec L2L VPNs. Branches all have 5505s or 5510s. Remote users use IPsec via the Cisco remote client. Remote access into our data center works, and the L2L VPNs are perfect... it's just that now I need remote users to access the branches after remote-access VPNing (for support), and I can't get that part to work.

Any help would be appreciated!

Thank you

Accepted Solution

Cisco Employee
For the VPN client to access the branch office subnet via the main-site ASA, you need to configure the following:

1) If you have split tunneling, the split-tunnel ACL needs to include the branch subnet.

2) Enable "same-security-traffic permit intra-interface" on the main-site ASA.

3) Configure the VPN client pool subnet in the LAN-to-LAN tunnel towards the branch.

On the main site, the crypto ACL to one of the branches should say:

permit ip <vpn-pool-subnet> <branch-subnet>

On the branch site, the crypto ACL to the main site should say:

permit ip <branch-subnet> <vpn-pool-subnet>

4) On the branch site, you should also include a NAT exemption between the branch subnet and the VPN pool subnet.

5) After all the above changes, you need to clear the tunnel so the IPsec LAN-to-LAN tunnel gets re-established with the new subnet included.

Hope that helps.
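The five steps of the accepted answer as one worked hub-and-spoke configuration. This is an example added here, not configuration from the original thread or from Cisco. Every address (RFC 1918 and documentation ranges), object name, ACL name, crypto map name and the group-policy name RA-POLICY are assumed; it uses ASA 8.3+ NAT syntax and assumes the L2L crypto map entries and the remote-access tunnel group already exist and work, as the poster describes.

```cisco
! ===== Main-site ASA (hub) =====
! Assumed addressing for this example only:
!   DC LAN          10.10.0.0/24   (inside)
!   Branch LAN      10.20.0.0/24   (behind the branch ASA)
!   RA client pool  192.168.100.0/24
!   Branch peer     203.0.113.2, hub peer 203.0.113.1
!
! Step 2: RA client traffic enters and leaves on "outside"; allow the hairpin.
same-security-traffic permit intra-interface

object network DC-LAN
 subnet 10.10.0.0 255.255.255.0
object network BRANCH-LAN
 subnet 10.20.0.0 255.255.255.0
object network RA-POOL
 subnet 192.168.100.0 255.255.255.0

! Step 1: the split-tunnel list must carry the branch subnet, or the client
! never sends branch-bound traffic into the tunnel in the first place.
access-list SPLIT-TUNNEL standard permit 10.10.0.0 255.255.255.0
access-list SPLIT-TUNNEL standard permit 10.20.0.0 255.255.255.0
group-policy RA-POLICY attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-TUNNEL

! Step 3: the crypto ACL for the L2L tunnel to the branch now carries two
! proxy identities: DC LAN -> branch, and RA pool -> branch.
access-list L2L-BRANCH extended permit ip 10.10.0.0 255.255.255.0 10.20.0.0 255.255.255.0
access-list L2L-BRANCH extended permit ip 192.168.100.0 255.255.255.0 10.20.0.0 255.255.255.0
crypto map OUTSIDE-MAP 10 match address L2L-BRANCH
crypto map OUTSIDE-MAP 10 set peer 203.0.113.2

! NAT exemption for the hairpinned pool -> branch flow (outside to outside);
! needed whenever a dynamic NAT on "outside" would otherwise translate the pool.
nat (outside,outside) source static RA-POOL RA-POOL destination static BRANCH-LAN BRANCH-LAN no-proxy-arp route-lookup

! ===== Branch ASA (spoke) =====
object network BRANCH-LAN
 subnet 10.20.0.0 255.255.255.0
object network DC-LAN
 subnet 10.10.0.0 255.255.255.0
object network RA-POOL
 subnet 192.168.100.0 255.255.255.0

! Step 3 (mirror): the branch crypto ACL must be the exact mirror of the
! hub's, otherwise phase 2 fails with a proxy-identity mismatch.
access-list L2L-MAIN extended permit ip 10.20.0.0 255.255.255.0 10.10.0.0 255.255.255.0
access-list L2L-MAIN extended permit ip 10.20.0.0 255.255.255.0 192.168.100.0 255.255.255.0
crypto map OUTSIDE-MAP 10 match address L2L-MAIN
crypto map OUTSIDE-MAP 10 set peer 203.0.113.1

! Step 4: NAT exemption between the branch LAN and the RA pool.
nat (inside,outside) source static BRANCH-LAN BRANCH-LAN destination static RA-POOL RA-POOL no-proxy-arp route-lookup

! ===== Step 5 (run on the hub; use peer 203.0.113.1 on the branch) =====
! Tear the tunnel down so it renegotiates with the new proxy identity,
! then confirm that two IPsec SAs (one per ACL line) come up for the peer.
clear crypto ipsec sa peer 203.0.113.2
show crypto ipsec sa peer 203.0.113.2
```

On pre-8.3 code the two NAT exemptions become `nat (outside) 0 access-list <acl>` on the hub and `nat (inside) 0 access-list <acl>` on the branch, with the ACL permitting the same source/destination pair. Note that step 3 as written exposes the whole branch subnet to every remote-access user; if only support staff should reach particular branch hosts, add an extended ACL and apply it with `vpn-filter value <acl>` under the group policy (an ASA vpn-filter ACL is written with the protected network as source and the client pool as destination).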

Replies
joe (Beginner)

Jennifer, thank you so very much for your complete, concise answer! You made it easy, and I appreciate your prompt response!

Joe

Beginner

How can I do this process using ASDM?

Beginner

"same-security-traffic permit intra-interface" did the job for me.

Thank you for helping out !