
VPN issues

Hello all,

I have installed and connected the two laptops with Cisco VPN clients /IPsec/ to the ASA5505, the laptops get IP 10.10.110.x from the ASA IP pool, and I have ping between laptop1 and the ASA and laptop2 and the ASA, but I don't have ping between the two laptops. I have created the IPsec with split tunneling group2. What am I doing wrong? Thanks!

1 Reply

laramire2
Level 1

Hi,

If the clients are connecting to the same tunnel-group and you would like to allow communication between them, you will need to configure the same-security-traffic permit intra-interface command on the ASA. This command lets traffic enter and exit the same interface, which is normally not allowed. This feature is useful for VPN traffic that enters an interface, but is then routed out the same interface. The VPN traffic might be unencrypted in this case, or it might be re-encrypted for another VPN connection.

Example:

hostname(config)# same-security-traffic permit intra-interface

Also you will need to include the IP local pool (10.10.110.0/24) used by the VPN clients in the split-tunnel access-list.

Hope this helps,

Luis.  
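
The two changes described in the reply above, written out as an ASA configuration fragment. This is an added example, not part of the original reply: the names SPLIT_TUNNEL_ACL and VPN_GROUP_POLICY and the inside network 192.168.1.0/24 are assumed placeholders, and only the pool 10.10.110.0/24 comes from the thread.

```cisco
! Added example. SPLIT_TUNNEL_ACL, VPN_GROUP_POLICY and 192.168.1.0/24 are
! placeholders; substitute the names and networks from your own configuration.

! Before: the split-tunnel list covers only the inside LAN, so a client
! does not send traffic for another client's pool address into the tunnel.
access-list SPLIT_TUNNEL_ACL standard permit 192.168.1.0 255.255.255.0

! Change 1: add the VPN client pool to the same list, so that
! client-to-client traffic is sent through the tunnel to the ASA.
access-list SPLIT_TUNNEL_ACL standard permit 10.10.110.0 255.255.255.0

! Change 2: allow traffic that enters an interface to leave through that
! same interface. This is a global setting, not a per-tunnel one.
same-security-traffic permit intra-interface

! The group policy that hands the list to the clients, shown for context.
group-policy VPN_GROUP_POLICY attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL_ACL

! Confirm what is in the running configuration:
!   show running-config same-security-traffic
!   show running-config access-list SPLIT_TUNNEL_ACL
```

Clients receive the split-tunnel list when they connect, so reconnect both laptops after making the change.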
