cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

108
Views
0
Helpful
1
Replies
Beginner

AnyConnect user access to remote IPsec LAN

Hi All, I'm trying to give my remote AnyConnect users access to a network that is connected via an IPsec tunnel (ASA 5510 IPsec) from our main LAN.

AnyConnect VPN user----->ASA 5510 Local-LAN ----->IPsec tunnel ----->ASA 5510 Remote-LAN

AnyConnect user access this --------------------------------------------------------------------------------------> ASA 5510 Remote-LAN

AnyConnect ip pool 192.168.117.0/24

Local-LAN ip 192.168.112.0/24

Remote-LAN ip 192.168.133.0/24

I have in my config:

access-list Split-Tunnel standard permit 192.168.133.0 255.255.255.0 (Remote-LAN ip)
object network RESI_ANYCONNECT
 subnet 192.168.117.0 255.255.255.0
object network IPSEC-HOSTS
 subnet 192.168.133.0 255.255.255.0
nat (outside,outside) source static IPSEC-HOSTS IPSEC-HOSTS destination static RESI_ANYCONNECT RESI_ANYCONNECT

same-security-traffic permit intra-interface

Cheers for any sugestions

ASA has 8.4(4)

1 REPLY 1
Highlighted
Beginner

Create 2nd IPsec SA (add VPN

Create 2nd IPsec SA (add VPN network and remote network), create NAT exempt rule fo VPN network with destination of remote network.

Send VPN users remote network with standard access list.