05-27-2020 03:29 PM
Greetings,
Problem:
I have set up a site-to-site VPN between two sites that works just fine.
A VPN user connects to Site A and can access resources, but when connected to Site A they are not able to reach any resources at Site B via the site-to-site tunnel. How do I add the Site B network to allow VPN users to access both Site A and Site B?
Thanks
05-28-2020 12:02 AM
You should allow the AnyConnect pool IP address in the ACL of the site-to-site VPN.
05-28-2020 12:45 AM
Hi,
As well as modifying the ACL to define the interesting traffic for the VPN to include the RAVPN IP pool networks, you will also need to configure the command same-security-traffic permit intra-interface, which allows traffic to hairpin and route back out the same interface it came in on.
Also, you will probably need a NAT exemption rule to ensure traffic is not unintentionally NATed from the RAVPN pool to the SITEB networks. E.g.:
nat (OUTSIDE,OUTSIDE) source static RAVPN-NETWORKS RAVPN-NETWORKS destination static SITEB-NETWORKS SITEB-NETWORKS
The source and destination interface would be the name of the outside interface to which the VPN tunnels are terminated, but may not necessarily be called OUTSIDE.
HTH
05-28-2020 09:40 AM
Just to get a clearer understanding, I need to add (in this order):
1. AnyConnect pool IP address - add a new ACL for the site-to-site VPN for interesting traffic, which is listed below
(access-list 100 line 1 extended permit ip object SITE A object SITE B ) and (access-list 100 line 1 extended permit ip object VPN_POOL object SITE B)
2. Add the command same-security-traffic permit intra-interface (which already exists)
3. A new NAT exemption rule
05-28-2020 10:03 AM
Yes, all of that configuration is required. Your ACL seems OK; just make sure the other site's VPN is reconfigured to include the VPN_POOL network as well.
05-28-2020 02:19 PM
I have configured both sides and have done packet traces, and both are successful both ways, but I still can't hit SITE B from my AnyConnect client.
Thanks for your help
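The three changes discussed in this thread, put together for both ASAs, as an added example that is not part of any poster's configuration. The object name SITEA-NETWORKS, all subnets (documentation ranges), the interface name OUTSIDE and the use of ACL name 100 at Site B are assumptions; substitute the values from your own devices.

```cisco
! ===== Site A ASA (terminates AnyConnect and the site-to-site tunnel) =====
! Constructed placeholder subnets, not taken from the thread
object network SITEA-NETWORKS
 subnet 192.0.2.0 255.255.255.0
object network SITEB-NETWORKS
 subnet 198.51.100.0 255.255.255.0
object network RAVPN-NETWORKS
 subnet 203.0.113.0 255.255.255.0
!
! 1. Interesting traffic: the crypto ACL must match the RAVPN pool as a
!    source, in addition to the existing Site A to Site B entry
access-list 100 extended permit ip object SITEA-NETWORKS object SITEB-NETWORKS
access-list 100 extended permit ip object RAVPN-NETWORKS object SITEB-NETWORKS
!
! 2. Hairpin: allow traffic to leave through the interface it arrived on
same-security-traffic permit intra-interface
!
! 3. NAT exemption: keep pool-to-Site-B traffic untranslated so it still
!    matches the crypto ACL (both interfaces are the VPN-terminating one)
nat (OUTSIDE,OUTSIDE) source static RAVPN-NETWORKS RAVPN-NETWORKS destination static SITEB-NETWORKS SITEB-NETWORKS
!
! ===== Site B ASA (remote end of the site-to-site tunnel) =====
! Same three objects defined as above. The crypto ACL here must mirror
! Site A's, including the RAVPN pool as a destination.
access-list 100 extended permit ip object SITEB-NETWORKS object SITEA-NETWORKS
access-list 100 extended permit ip object SITEB-NETWORKS object RAVPN-NETWORKS
!
! ===== Check on either ASA while an AnyConnect client sends traffic =====
! A separate IPsec SA should be listed whose local/remote idents are the
! RAVPN pool and the Site B network, with encaps/decaps counters rising.
show crypto ipsec sa
```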