10-11-2017 07:09 AM - edited 03-12-2019 04:37 AM
So I've successfully created a VPN tunnel (well 2 actually) between a 5506 and AWS, and you can successfully hit AWS instances from servers behind the 5506.
I used the documentation supplied by AWS and Cisco for setting this connection up using the VTI (first time doing this).
That said, I would like to allow remote access clients to also be able to connect to AWS instances directly from their machines, rather than having to connect via one of the servers.
I'm drawing a blank at the moment, figured I'd ask in case there is a simple answer that I'm not seeing.
10-11-2017 07:42 AM
Hello @Pete Johnstone,
You need to perform a U-Turn or hairpinning; the idea is to connect your remote users on the ASA and then send the traffic through the Site to Site VPN tunnel with AWS. You need to keep in mind that AWS only allows one entry on the Encryption Domain ACL, so if you don't use any (as they recommend) there will be some additional changes you need to do in order to make it work.
Can you share your config to verify the exact command you need to apply?
HTH
Gio
10-11-2017 09:19 AM
Hi,
You could follow this as a prototype.
Regards,
Kias