AnyConnect VPN connection access site-to-site VPN remote

gjohnson1963
Level 1

I need our VPN users to be able to access our remote site (site-to-site VPN). There is no problem accessing the main site through the VPN. Both sites' crypto maps have the VPN pool in the crypto map.

Any ideas?

Here is the config:

Main Site (ASA5520) Inside 192.168.50.0

access-list crypto_vpn_remote-site extended permit ip 192.168.50.0 255.255.255.0 172.16.1.0 255.255.255.0

access-list crypto_vpn_remote-site extended permit ip 192.168.99.0 255.255.255.0 172.16.1.0 255.255.255.0

access-list inside_nat0_outbound extended permit ip 192.168.50.0 255.255.255.0 172.16.1.0  255.255.255.0

access-list inside_nat0_outbound extended permit ip 192.168.99.0 255.255.255.0 172.16.1.0  255.255.255.0

Remote Site (PIX 515E) Inside 172.16.1.0

access-list crypto_vpn_main-site permit ip 172.16.1.0 255.255.255.0 192.168.50.0 255.255.255.0

access-list crypto_vpn_main-site permit ip 172.16.1.0 255.255.255.0 192.168.99.0 255.255.255.0

access-list nonat permit ip 172.16.1.0 255.255.255.0 192.168.50.0 255.255.255.0

access-list nonat permit ip 172.16.1.0 255.255.255.0 192.168.99.0 255.255.255.0

VPN (AnyConnect) 192.168.99.0

Accepted Solutions

Jennifer Halim
Cisco Employee

On the main site, please make sure you have "same-security-traffic permit intra-interface" enabled.

Also, if you have split tunnel configured, please also make sure that it includes the remote LAN (172.16.1.0/24).

Hope that helps.

That fixed the issue.

Thanks
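
The two changes from the accepted solution, written out as main-site ASA configuration. This is an added example, not configuration posted in the thread: the ACL name SPLIT_TUNNEL_ACL and the group-policy name VPN_USERS_GP are hypothetical, and the networks are the ones given in the question.

```cisco
! Added example, not from the thread. SPLIT_TUNNEL_ACL and VPN_USERS_GP
! are hypothetical names; substitute the ones the AnyConnect profile uses.

! AnyConnect traffic arrives on the outside interface and must leave on the
! same interface to enter the site-to-site tunnel (hairpinning). The ASA
! drops same-interface traffic unless this is enabled.
same-security-traffic permit intra-interface

! Split-tunnel list: only these networks are routed into the VPN by the
! client. If the remote LAN is missing, the client sends 172.16.1.0/24
! traffic out its local gateway and it never reaches the ASA.
access-list SPLIT_TUNNEL_ACL standard permit 192.168.50.0 255.255.255.0
access-list SPLIT_TUNNEL_ACL standard permit 172.16.1.0 255.255.255.0

group-policy VPN_USERS_GP attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL_ACL

! Check that hairpinning is in the running config:
!   show running-config same-security-traffic
```

Keep the split-tunnel list limited to the networks VPN users actually need, since every entry widens what a connected client can reach through the ASA.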