11-29-2010 02:52 PM - edited 02-21-2020 05:00 PM
I need our VPN users to be able to access our remote site (Site-to-Site VPN), there is no problem accessing the main site through the VPN. Both sites crypto map have the VPN pool in the crypto map.
Any ideas?
Here is the config Main Site (ASA5520) Inside 192.168.50.0
access-list crypto_vpn_remote-site extended permit ip 192.168.50.0 255.255.255.0 172.16.1.0 255.255.255.0
access-list crypto_vpn_remote-site extended permit ip 192.168.99.0 255.255.255.0 172.16.1.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.50.0 255.255.255.0 172.16.1.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.99.0 255.255.255.0 172.16.1.0 255.255.255.0
Remote Site (PIX 515E) Inside 172.16.1.0
access-list crypto_vpn_main-site permit ip 172.16.1.0 255.255.255.0 192.168.50.0 255.255.255.0
access-list crypto_vpn_main-site permit ip 172.16.1.0 255.255.255.0 192.168.99.0 255.255.255.0
access-list nonat permit ip 172.16.1.0 255.255.255.0 192.168.50.0 255.255.255.0
access-list nonat permit ip 172.16.1.0 255.255.255.0 192.168.99.0 255.255.255.0
VPN (AnnyConnect) 192.168.99.0
Solved! Go to Solution.
11-29-2010 03:43 PM
On the main site, pls make sure you have "same-security-traffic permit intra-interface" enabled.
Also, if you have split tunnel configured, please also make sure that it includes the remote LAN (172.16.1.0/24).
Hope that helps.
11-29-2010 03:43 PM
On the main site, pls make sure you have "same-security-traffic permit intra-interface" enabled.
Also, if you have split tunnel configured, please also make sure that it includes the remote LAN (172.16.1.0/24).
Hope that helps.
11-30-2010 09:06 AM
That fixed the issue.
Thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide