10-22-2008 12:58 AM - edited 02-21-2020 04:00 PM
We have an ASA 5510 which terminates remote VPN clients, both CVPN clients and hardware-based clients (Cisco IOS routers). How can we make it so that a CVPN client, when connected to the ASA, has access to the remote sites (through the ASA, hub-and-spoke) which are connected with hardware VPN clients (which work in auto mode with network extension)? Is it possible?
10-22-2008 01:18 AM
MUSTAFA,
You have to ensure that the VPN client IP Subnet is also part of the encryption domains to the remote sites.
Then you have to enable "same-security-traffic permit intra-interface"
HTH
10-22-2008 03:56 AM
We have an IP pool for CVPN clients: 192.168.254.0/24, but the hardware clients have their own LAN networks, for example: 192.168.2.0/24, 192.168.3.0/24, etc. What must I do in this case?
10-22-2008 04:24 AM
The encryption domains must include 192.168.254.0/24 so that it can be encrypted and decrypted from the remote sites.
Something like:-
access-list vpn-site-a permit ip 192.168.254.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list vpn-site-b permit ip 192.168.254.0 255.255.255.0 192.168.3.0 255.255.255.0
HTH
10-22-2008 05:01 AM
Also make sure that all the (no)nat rules are correctly in place. I've created a similar solution once for a customer and had some difficulties with that.
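An added example (not part of the thread or any poster's configuration): a small Python check that a saved ASA configuration contains the two items the replies above name, the intra-interface command and an ACL entry from the VPN client pool to each spoke LAN. The sample config is constructed and the function names are hypothetical; NAT exemption rules are not checked.

```python
import ipaddress
import re

# Constructed sample config (not from the thread's devices); ACL names follow the reply above.
SAMPLE_CONFIG = """\
same-security-traffic permit intra-interface
access-list vpn-site-a permit ip 192.168.254.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list vpn-site-b permit ip 192.168.254.0 255.255.255.0 192.168.3.0 255.255.255.0
"""

# Matches only the "permit ip <net> <mask> <net> <mask>" form; "any"/"host" entries are ignored.
ACL_RE = re.compile(
    r"^access-list\s+(\S+)\s+(?:extended\s+)?permit\s+ip\s+"
    r"(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+"
    r"(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s*$"
)

def parse_acl_pairs(config):
    """Return (name, source_net, dest_net) for each matching ACL line."""
    pairs = []
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if m:
            name, src, smask, dst, dmask = m.groups()
            pairs.append((name,
                          ipaddress.ip_network(f"{src}/{smask}", strict=False),
                          ipaddress.ip_network(f"{dst}/{dmask}", strict=False)))
    return pairs

def check_hairpin(config, pool, spokes):
    """List what is missing for pool-to-spoke traffic through the hub (hypothetical helper)."""
    problems = []
    lines = [l.strip() for l in config.splitlines()]
    if "same-security-traffic permit intra-interface" not in lines:
        problems.append("missing: same-security-traffic permit intra-interface")
    pool_net = ipaddress.ip_network(pool)
    pairs = parse_acl_pairs(config)
    for spoke in spokes:
        spoke_net = ipaddress.ip_network(spoke)
        # An entry covers the flow if it contains both the pool and the spoke LAN.
        covered = any(pool_net.subnet_of(s) and spoke_net.subnet_of(d) for _, s, d in pairs)
        if not covered:
            problems.append(f"no ACL entry permits {pool_net} -> {spoke_net}")
    return problems

if __name__ == "__main__":
    for p in check_hairpin(SAMPLE_CONFIG, "192.168.254.0/24", ["192.168.2.0/24", "192.168.3.0/24"]):
        print(p)
```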