12-01-2010 10:24 AM
Hi,
We have several connections through the Cisco software VPN client and hardware VPNs with Cisco ASA 5505. Our main VPN is an ASA 5520 with the same public interface for software and hardware VPN. All VPN connections go through this equipment, I mean software and hardware with the little ASA 5505.
My question is, why can't the soft VPN IP network 10.12.2.0/24 talk to network 10.80.0.0/16 of our hardware VPN? It is not an IP route, because the ASA 5520 is used to build all these VPNs, but it is maybe an ACL or something like that.
Thank you for your help.
12-01-2010 10:32 AM
Hi,
To allow traffic from one VPN to communicate across another VPN you need to allow u-turn.
same-security-traffic permit intra-interface
Without the above command, the ASA will not reroute traffic back out the same interface on which it received it (in this case the outside interface).
Federico.
12-01-2010 11:43 AM
Hi Federico,
Do you know if entering this command will drop all VPN connections?
Thanks
12-01-2010 11:48 AM
Federico,
I checked with the CLI on my ASA and I saw the command same-security-traffic permit intra-interface.
Is there maybe an ACL I will need to add?
Thanks
12-02-2010 06:16 AM
Besides allowing u-turn, you need to include the interesting traffic correctly.
i.e.
You have:
Central site, Site A, Site B
To allow Site A to talk to Site B through the tunnel to the Central Site, you need to include the Site A LAN in the tunnel to Site B and vice versa.
Federico.
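As an added illustration of the two points above (not part of the thread and not the poster's configuration), here is what the hairpin and "interesting traffic" pieces look like on the ASA 5520 and the ASA 5505 using the networks named in the question. The ACL, group-policy and crypto map names are placeholders, and the NAT exemption uses the pre-8.3 syntax that matches the era of the thread.

```text
! ===== Central ASA 5520 (terminates both the soft clients and the 5505 tunnel) =====

! 1. Allow traffic that arrived on outside to leave via outside again (u-turn)
same-security-traffic permit intra-interface

! 2. Crypto ACL for the L2L tunnel to the 5505 site: add the soft-client pool
!    as a source so 10.12.2.0/24 -> 10.80.0.0/16 is "interesting" for that tunnel
!    (the existing central-LAN entry stays; only the new line is shown)
access-list CRYPTO_TO_5505 extended permit ip 10.12.2.0 255.255.255.0 10.80.0.0 255.255.0.0
crypto map OUTSIDE_MAP 10 match address CRYPTO_TO_5505

! 3. Split-tunnel list for the soft clients: include the 5505 LAN so the client
!    sends 10.80.0.0/16 into its tunnel instead of out its local gateway
access-list SPLIT_TUNNEL standard permit 10.80.0.0 255.255.0.0
group-policy RA_POLICY attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL

! 4. Do not NAT hairpinned client traffic on its way back out outside
access-list NONAT_OUTSIDE extended permit ip 10.12.2.0 255.255.255.0 10.80.0.0 255.255.0.0
nat (outside) 0 access-list NONAT_OUTSIDE

! ===== Remote ASA 5505 (mirror image, otherwise phase 2 will not match) =====
access-list CRYPTO_TO_5520 extended permit ip 10.80.0.0 255.255.0.0 10.12.2.0 255.255.255.0
crypto map OUTSIDE_MAP 10 match address CRYPTO_TO_5520
access-list NONAT_INSIDE extended permit ip 10.80.0.0 255.255.0.0 10.12.2.0 255.255.255.0
nat (inside) 0 access-list NONAT_INSIDE
```

After applying this, `show crypto ipsec sa` on the 5520 should show a separate SA pair for the 10.12.2.0/24 <-> 10.80.0.0/16 proxy identities; if it is missing, the crypto ACLs on the two sides are not mirrored.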