Beginner

AnyConnect client can't connect to another subnet behind ASA

Hi!

I have a problem with routing, I guess.

A laptop connects to ASA1 with AnyConnect. I can connect to subnet 192.168.2.0 with no problem, but can't reach LAN-B (ASA2).

The connection between LAN-A and LAN-B works properly.

I added the VPN pool subnet to NAT and ACL - but still nothing.

Can somebody help me with some advice?

Untitled Diagram.jpg


Accepted Solutions
Cisco Employee

Re: AnyConnect client can't connect to another subnet behind ASA

Hi vitaliyglioza,

 

You have the ACL of the interesting traffic right, but you are missing the U-turn NAT to allow the traffic coming from the AnyConnect to go back through the outside through a S2S tunnel:

 

nat (out,out) source static NETWORK_OBJ_10.200.200.0_25 NETWORK_OBJ_10.200.200.0_25 destination static Glevakha_192.168.1.0 Glevakha_192.168.1.0 no-proxy-arp route-lookup

same-security-traffic permit intra-interface

 

Hope this info helps!!

Rate if it helps you!!

 

-JP- 
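
The check described in the reply above, as an added example that is not part of the original post or any Cisco tool: a small Python audit that reads ASA configuration text and reports whether the two hairpin prerequisites are present for a given VPN pool and remote LAN. The function name `hairpin_findings`, the `in` interface and the `LAN_A` object are assumptions made for the illustration; the other object names and the `out` interface come from the reply.

```python
import re

# ASA twice-NAT syntax: nat (real_ifc,mapped_ifc) [after-auto] source static REAL MAPPED
#                       destination static REAL MAPPED [options]
NAT_RE = re.compile(
    r"^nat \((?P<src_if>[^,]+),(?P<dst_if>[^)]+)\)\s+(?:after-auto\s+)?"
    r"source static (?P<s_real>\S+) (?P<s_map>\S+)\s+"
    r"destination static (?P<d_real>\S+) (?P<d_map>\S+)"
)
INTRA = "same-security-traffic permit intra-interface"

def hairpin_findings(config, pool_obj, remote_obj):
    """List what is missing for VPN-pool traffic to U-turn into the S2S tunnel."""
    lines = [line.strip() for line in config.splitlines()]
    findings = []
    if INTRA not in lines:
        findings.append("missing: " + INTRA)
    exempt = False
    for line in lines:
        m = NAT_RE.match(line)
        if m is None:
            continue
        same_ifc = m["src_if"] == m["dst_if"]  # (out,out): enters and leaves one interface
        identity = m["s_real"] == m["s_map"] and m["d_real"] == m["d_map"]  # no translation
        if same_ifc and identity and m["s_real"] == pool_obj and m["d_real"] == remote_obj:
            exempt = True
    if not exempt:
        findings.append(f"missing: identity nat on one interface for {pool_obj} -> {remote_obj}")
    return findings

POOL = "NETWORK_OBJ_10.200.200.0_25"  # object names taken from the reply above
REMOTE = "Glevakha_192.168.1.0"

# Constructed sample configs; the "in" interface and LAN_A object are hypothetical.
BEFORE = """\
nat (in,out) source static LAN_A LAN_A destination static Glevakha_192.168.1.0 Glevakha_192.168.1.0 no-proxy-arp route-lookup
"""
AFTER = BEFORE + """\
nat (out,out) source static NETWORK_OBJ_10.200.200.0_25 NETWORK_OBJ_10.200.200.0_25 destination static Glevakha_192.168.1.0 Glevakha_192.168.1.0 no-proxy-arp route-lookup
same-security-traffic permit intra-interface
"""

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, hairpin_findings(cfg, POOL, REMOTE) or "ok")
```

The audit only matches the manual (twice) NAT form shown in the reply; it does not resolve object definitions or inspect the crypto ACL.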

 

Beginner

Re: AnyConnect client can't connect to another subnet behind ASA

Thanks a lot!

I don't know why I forgot about NAT ?))

P.S. The quickest and most helpful solution for me on this forum.