cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1099
Views
0
Helpful
2
Replies

Client VPN connects to main site but cannot access "remote" WAN sites?

dkraut
Level 1
Level 1

For reference, I have a Microsoft VPN that allows me to connect to our main office and all remote WAN sites. 

However, when I use the Cisco Client VPN to my newly installed ASA, I can access the main office and all local resources, but when I try to ping or access remote WAN resources, I get nothing?  I've tried split tunneling (on and off), but neither allow me to get to my remote WAN sites.  This is not the typical NAT position issue.  I can access all servers at the main office fine, I just cannot access my remote sites across the WAN.  Any ideas?                  

2 Replies 2

mvsheik123
Level 7
Level 7

Hello,

If necessary NAT config existing , then it may be related to routing from WAN locations. Make sure all WAN locations have route to remote subnet and ASA can reach all WAN locations as well.

hth

MS

you need:

1) Hairpinning enabled: same-security-traffic permit intra-interface

2) Crypto-ACL for S2S needs to include the VPN-Pool for traffic from the clients to the remote-site

3) NAT-Exemption (if nat is used on the outside interface) must include this traffic as well

4) If using Split-tunnel, the remote-site-network needs to be included also

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: