How to access the local network of a tunneled site via Cisco AnyConnect
Hope you have a good day.
I have been wondering why all remote users connecting via Cisco AnyConnect cannot access the local network of a remote tunneled site.
The scenario is: I have 2 sites, with Site A connected via site-to-site VPN to Site B, and I have set up a Cisco AnyConnect VPN in Site A. Now I want the remote users to access the local network of Site A (apparently they can access it now) and also the local network of Site B (they cannot access it now, and there is no Cisco AnyConnect VPN set up on this site).
Can anyone show me a sample configuration for a Cisco ASA5506, either ASDM or CLI?
One more thing:
I have a problem with my Cisco AnyConnect VPN. Every time we connect to it and try to browse in any browser, I get a very slow connection, and sometimes it gives me no internet connection.
Re: How to access the local network of a tunneled site via Cisco AnyConnect
I believe the topology right now is:-
----networkX ---Site A====site to site IPSEC====SiteB-- --networkY---
Anyconnect ( PoolZ)
Let's assume the local network behind Site A is networkX , Site B is networkY and Anyconnect ip pool is defined by PoolZ.
You have a crypto ACL on Site A which has an ACE (networkX to networkY), and similarly on Site B (networkY to networkX). On Site A, please add to these ACLs (PoolZ to networkY), and on Site B (networkY to PoolZ). You will of course have to define an object or network; you won't be able to add the pool directly. In the AnyConnect config, you will need to add networkY to the split ACL so the AnyConnect users have access to this network behind Site B. This will work only if the AnyConnect split tunnel policy is "includeall".
Make sure you have a NAT statement defined on the outside interface of Site A which will exempt traffic going from AnyConnect to Site B; it will be outside interface to outside interface.
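The steps in the reply above, written out as ASA CLI. This is an added example, not part of the original thread or any poster's actual configuration. The subnets are constructed, and every object, ACL and group-policy name is a placeholder to be replaced with the names already in use on each ASA; the interface names `inside` and `outside` are assumed.

```cisco
! ===== Site A ASA (terminates AnyConnect and the site-to-site tunnel) =====
! Constructed addressing: networkX 10.1.0.0/24, networkY 10.2.0.0/24, PoolZ 10.99.0.0/24
object network NETWORK-X
 subnet 10.1.0.0 255.255.255.0
object network NETWORK-Y
 subnet 10.2.0.0 255.255.255.0
object network POOL-Z
 subnet 10.99.0.0 255.255.255.0
!
! Crypto ACL (placeholder name): the first ACE already exists, the second is the addition
access-list S2S-TO-SITEB extended permit ip object NETWORK-X object NETWORK-Y
access-list S2S-TO-SITEB extended permit ip object POOL-Z object NETWORK-Y
!
! Split-tunnel list pushed to AnyConnect clients: add networkY next to networkX
access-list SPLIT-ANYCONNECT standard permit 10.1.0.0 255.255.255.0
access-list SPLIT-ANYCONNECT standard permit 10.2.0.0 255.255.255.0
group-policy GP-ANYCONNECT attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-ANYCONNECT
!
! NAT exemption, outside to outside, so PoolZ -> networkY is not translated
nat (outside,outside) source static POOL-Z POOL-Z destination static NETWORK-Y NETWORK-Y no-proxy-arp route-lookup
!
! Not mentioned in the reply: the ASA only forwards traffic that enters and
! leaves the same interface (AnyConnect in, IPsec out) when this is enabled
same-security-traffic permit intra-interface

! ===== Site B ASA =====
object network NETWORK-X
 subnet 10.1.0.0 255.255.255.0
object network NETWORK-Y
 subnet 10.2.0.0 255.255.255.0
object network POOL-Z
 subnet 10.99.0.0 255.255.255.0
!
! Crypto ACL must mirror Site A: the second ACE is the addition
access-list S2S-TO-SITEA extended permit ip object NETWORK-Y object NETWORK-X
access-list S2S-TO-SITEA extended permit ip object NETWORK-Y object POOL-Z
!
! Assumption: Site B also needs replies to PoolZ exempted from NAT
nat (inside,outside) source static NETWORK-Y NETWORK-Y destination static POOL-Z POOL-Z no-proxy-arp route-lookup
```

After an AnyConnect client sends traffic to networkY, `show crypto ipsec sa` on Site A should list a security association with PoolZ as the local identity and networkY as the remote identity; if it does not, the two crypto ACLs are not mirror images of each other.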