cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
951
Views
0
Helpful
2
Replies
dkraut
Beginner

Client VPN connects to main site but cannot access "remote" WAN sites?

For reference, I have a Microsoft VPN that allows me to connect to our main office and all remote WAN sites. 

However, when I use the Cisco Client VPN to my newly installed ASA, I can access the main office and all local resources, but when I try to ping or access remote WAN resources, I get nothing?  I've tried split tunneling (on and off), but neither allow me to get to my remote WAN sites.  This is not the typical NAT position issue.  I can access all servers at the main office fine, I just cannot access my remote sites across the WAN.  Any ideas?                  

2 REPLIES 2
mvsheik123
Rising star

Hello,

If necessary NAT config existing , then it may be related to routing from WAN locations. Make sure all WAN locations have route to remote subnet and ASA can reach all WAN locations as well.

hth

MS

you need:

1) Hairpinning enabled: same-security-traffic permit intra-interface

2) Crypto-ACL for S2S needs to include the VPN-Pool for traffic from the clients to the remote-site

3) NAT-Exemption (if nat is used on the outside interface) must include this traffic as well

4) If using Split-tunnel, the remote-site-network needs to be included also

Create
Recognize Your Peers
Content for Community-Ad