cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

617
Views
0
Helpful
1
Replies
Highlighted
Beginner

SSL VPN users cannot see across site-to-site

We have an ASA 5510 at site A and ASA 5505 at site B, connected together using a site-to-site SSL VPN.

Site A has an internal IP range of 192.168.0.x

Site B has an internal IP range of 192.168.10.x

AnyConnect VPN users have an internal IP range of 192.168.50.x

The anyconnect VPN goes via the 5510 at site A.

People at site A or B can see the alternate site fine internally, but those using the anyconnect VPN cannot see site B, only site A.

I'm not particular great with the CLI, so most of the management is done with the ASDM on both sites.

Does anyone have any suggestions as to what's causing this, or what I can do to resolve it?

I can post running configs of both sites if necessary.

Need to resolve this asap, as we're going to be relying on it alot more in about a week!!

TIA

1 REPLY 1
Advocate

Re: SSL VPN users cannot see across site-to-site

For encrypted traffic to enter an interface - to then be re-enrytped and exit the same interface requires explict configuration.

1) Amend your site to site interesting traffic ACL to include the IP addresses assigned to SSL users.

2) Amend your site to site NAT rules to include the IP addresses assigned to the SSL users.

3) Configure "same-security-traffic permit intra-interface"

All the above can be done by the GUI.

HTH>