05-18-2013 03:04 PM
Hello All,
I am trying to figure out how to allow remote VPN client sessions to communicate. For example, if my manager was connected via VPN into the office and needed me to troubleshoot something on his laptop, I can also VPN into the office and RDP into his laptop. Not sure if this can be done painlessly.
Here is a brief output of my config. Remote client VPN sessions work fine. It is only when I try to access other client VPN sessions that I have a problem.
Thanks in advance!
fw# sho run
: Saved
:
interface Ethernet0/0
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Ethernet0/1
nameif outside
security-level 0
ip address 4.4.1.8 255.255.255.252
!
interface Ethernet0/2
!
interface Ethernet0/3
!
!
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list outside_in extended permit icmp any any
access-list split_tunnel standard permit 192.168.1.0 255.255.255.0
access-list inside_access_in extended permit ip any any
access-list outside_access_in extended permit ip any any
access-list nonat extended permit ip any 10.10.10.0 255.255.255.0
ip local pool vpn 10.10.10.1-10.10.10.15 mask 255.255.255.0
global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0
access-group inside_access_in in interface inside
access-group outside_in in interface outside
route outside 0.0.0.0 0.0.0.0 4.4.1.7 1
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto dynamic-map inetdyn_map 20 set transform-set ESP-DES-SHA
crypto map inet_map 65535 ipsec-isakmp dynamic inetdyn_map
crypto map inet_map interface outside
crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map inside_map interface inside
crypto isakmp identity address
crypto isakmp enable inside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
crypto isakmp nat-traversal 21
group-policy vpnipsec internal
group-policy vpnipsec attributes
wins-server value 192.168.1.5
dns-server value 192.168.1.5
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split_tunnel
default-domain value moobie.com
tunnel-group vpnipsec type remote-access
tunnel-group vpnipsec general-attributes
address-pool vpn
default-group-policy vpnipsec
tunnel-group vpnipsec ipsec-attributes
pre-shared-key nope
!
05-18-2013 04:27 PM
Hi,
You need to allow the VPN pool in the split tunnel. Here is what you have to do:
access-list split_tunnel standard permit 10.10.10.0 255.255.255.0
same-security-traffic permit intra-interface
Regards,
Varinder
P.S. Please mark this post as 'Answered' if you find the above information helpful so that it brings goodness to other community users
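The two conditions from the answer above, checked against a running config. This is an added example, not part of the original thread or Cisco tooling; `hairpin_findings` and `SAMPLE_CONFIG` are hypothetical names, and the sample is constructed from the relevant lines of the question's configuration.

```python
import ipaddress
import re

# Constructed sample: the lines of the question's configuration that matter here.
SAMPLE_CONFIG = """\
same-security-traffic permit intra-interface
access-list split_tunnel standard permit 192.168.1.0 255.255.255.0
ip local pool vpn 10.10.10.1-10.10.10.15 mask 255.255.255.0
group-policy vpnipsec attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value split_tunnel
"""


def hairpin_findings(config):
    """Return the reasons VPN client-to-client traffic would fail (empty if none)."""
    findings = []
    # 1. The ASA must be allowed to send traffic back out the interface it arrived on.
    if not re.search(r"^same-security-traffic permit intra-interface\s*$", config, re.M):
        findings.append("missing 'same-security-traffic permit intra-interface'")
    # With tunnel-all there is no split-tunnel list to check.
    if not re.search(r"^\s*split-tunnel-policy tunnelspecified\s*$", config, re.M):
        return findings
    # 2. Collect standard ACL entries of the form: NAME standard permit NETWORK MASK
    acls = {}
    for name, net, mask in re.findall(
            r"^access-list (\S+) standard permit ([\d.]+) ([\d.]+)\s*$", config, re.M):
        acls.setdefault(name, []).append(ipaddress.ip_network(f"{net}/{mask}", strict=False))
    pools = re.findall(r"^ip local pool (\S+) ([\d.]+)-([\d.]+)", config, re.M)
    split_acls = re.findall(r"^\s*split-tunnel-network-list value (\S+)", config, re.M)
    # Simplification: every pool is checked against every split-tunnel ACL,
    # rather than following tunnel-group -> group-policy bindings.
    for pool, first, last in pools:
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        for acl in split_acls:
            if not any(lo in n and hi in n for n in acls.get(acl, [])):
                findings.append(
                    f"pool '{pool}' ({first}-{last}) not in split-tunnel ACL '{acl}'")
    return findings


if __name__ == "__main__":
    for finding in hairpin_findings(SAMPLE_CONFIG) or ["no findings"]:
        print(finding)
```

Once both checks pass, every client in the pool can reach every other client through the ASA; a `vpn-filter` ACL in the group policy is the usual way to narrow that to the ports actually needed, such as RDP.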