ASA5512X Anyconnect & Site to Site harmony

When I configured the Cisco Anyconnect client on our ASA5512X firewalls, I configured split tunneling and told it to tunnel the network range of our internal network.  My thought here was that all internet traffic would not go through the tunnel...only that traffic that was bound for the internal network. 

Since configuring AnyConnect (which is working fine BTW), we had a requirement to configure a site-to-site VPN tunnel into Amazon AWS.  I muddled through the AWS documentation and was able to get the Site to Site tunnel working, so now each tunnel co-exists fairly happily...that is as long as I am internal to the network.

So, herein lies the issue...when I connect to the AnyConnect client, I get access to the internal network resources...no problem.  I cannot, however, access the resources in the Amazon AWS cloud.  I suspected that my split tunneling was to blame, so I went back and added the AWS ranges to the tunnel networks list.  Unfortunately, this still does not work.

So...is this even possible?  It seems to me that there should be an internal route that I can set up on the ASA that would route the traffic bound for 172.16 addresses from the AnyConnect connection and back out through the IPSec tunnel to AWS.

Does anybody have experience with this?  We're running 9.1.3 on our 5512X if that makes a difference.

Thanks in advance!


nate

2 Replies

Could be that you are just missing the following command:

same-security-traffic permit intra-interface

That did the trick!  Many thanks!
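For anyone hitting the same thing later, here is an added configuration sketch (not from the original posts, and not a copy of nate's ASA config) showing the pieces that all have to line up for an AnyConnect session to be hairpinned into the AWS site-to-site tunnel: the split-tunnel list, the crypto ACL, a NAT exemption, and the intra-interface command from the accepted answer. All names, the 10.0.0.0/8 inside range, the 10.10.200.0/24 client pool and the 172.16.0.0/16 AWS range are placeholders.

```cisco
! Hairpinning: the AnyConnect packet enters on outside and must leave on
! outside again inside the AWS IPSec tunnel. The ASA drops that by default.
same-security-traffic permit intra-interface

! Placeholder address pool handed out to AnyConnect clients
ip local pool ANYCONNECT-POOL 10.10.200.1-10.10.200.254 mask 255.255.255.0

! Split-tunnel list: the AWS VPC range must be here as well as the LAN,
! otherwise the client sends 172.16.x traffic straight to the internet.
access-list SPLIT-TUNNEL standard permit 10.0.0.0 255.0.0.0
access-list SPLIT-TUNNEL standard permit 172.16.0.0 255.255.0.0

group-policy ANYCONNECT-GP attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-TUNNEL

object network INSIDE-NET
 subnet 10.0.0.0 255.0.0.0
object network ANYCONNECT-POOL-NET
 subnet 10.10.200.0 255.255.255.0
object network AWS-VPC
 subnet 172.16.0.0 255.255.0.0

! Crypto ACL for the AWS tunnel. The client pool has to be "interesting
! traffic" too, or hairpinned packets never get encrypted toward AWS.
access-list AWS-CRYPTO extended permit ip object INSIDE-NET object AWS-VPC
access-list AWS-CRYPTO extended permit ip object ANYCONNECT-POOL-NET object AWS-VPC

! Identity (exemption) NAT for the outside-to-outside flow so the client's
! pool address, not a translated one, is what the AWS side sees.
nat (outside,outside) source static ANYCONNECT-POOL-NET ANYCONNECT-POOL-NET destination static AWS-VPC AWS-VPC no-proxy-arp route-lookup
```

The AWS end has to know the client pool as well: the VPN connection's routes (and the VPC route table and security groups) must cover 10.10.200.0/24, not just the LAN range. After connecting a client, a second IPSec SA with the pool/VPC selector pair in "show crypto ipsec sa" confirms the hairpin is actually being encrypted.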