cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
422
Views
0
Helpful
1
Replies
Highlighted
Beginner

How to access the local network of a tunneled site via cisco any connect

Hi all,

 

Hope you have a good day.

 

I have been wondering on why all remote users via cisco anyconnect cannot access the local network of a remote tunneled site?

 

The scenario is i have a 2 sites the Site A connected via Site to Site VPN to Site B and i have setup a cisco anyconnect VPN in Site A and now i want the remote users to access the local network of Site A (apparently they can access it now) and also the local network of Site B (they cannot access it now and no cisco any connect VPN setup on this site).

 

anyone can show me a sample configuration for Cisco ASA5506 either ASDM or CLI? 

 

one more thing:

 

I have a problem with my cisco anyconnect VPN. Everytime we connect to it and try to browse any browser, i get a very slow connection sometimes it gives me no internet connection.

 

Hope to hear from you soon.

 

Thank you so much everyone 

 

 

 

Everyone's tags (1)
1 REPLY 1
Highlighted
Cisco Employee

Re: How to access the local network of a tunneled site via cisco any connect

Hello Herald,

 

I believe the topology right now is:-

 

----networkX ---Site A====site to site IPSEC====SiteB-- --networkY---

                            ||

                            ||

                   Anyconnect ( PoolZ)

 

Let's assume the local network behind Site A is  networkX , Site B is networkY and Anyconnect ip pool is defined by PoolZ.


you have a crypto acl on Site A  which has an ACE (networkX to networkY) similarly on Site B (networkY to networkX)
On Site A, please add to these ACL's ( PoolZ to networkY ) and on Site B ( networkY to PoolZ), you will of course have to define an object or network, wont be able to add the pool directly.
 on the Anyconnect config, You will need to add the networkY to the split ACL so the anyconnect users have access to this network behind Site B. This will work only if the Anyconnect split tunnel policy is "includeall". 

 

Make sure you have a nat statement defined on the outside interface of Site A which will exempt traffic going from Anyconnect to Site B, it will be outside interface to outside interface.

something like this:-

nat (outside,outside) source static poolZ poolZ destination static networkY networkY

I have assumed that you have an ASA however even if you are using routers, the logic remians the same.

Let me know if you face any issues.

Regards

Shikha Grover

PS: Please don't forget to rate and select as validated answer if this answered your question