Need Help - ASA 5520 VPN issues

dclee

Trying to simulate our recovery setup in the lab. I have 2 ASA 5520s that have a site-to-site tunnel between them.

That is working fine.

But I also have a requirement for remote access into one of the ASAs, which once connected needs to route across the site-to-site tunnel to another server on the other side.

So far the remote access piece connects fine, and I can access all locally connected networks, but I can't seem to get the traffic to route across the site-to-site tunnel to the other side.

Is this doable? If so, any suggestions would be appreciated.


Cheers

Dave


Hi Dave,

You can do it.

You need to enable "same-security-traffic permit intra-interface" to allow U-turn (out the same interface).

Also, include in the ACL for the L2L tunnel, the VPN client pool, and add to the ACL of the split-tunneling (for the clients), the remote L2L network.

In this way, the VPN clients can connect and can also reach the far side through the L2L tunnel.

You might need to look that is either not configured for this traffic or configured correctly.

Hope it helps.

Federico.

Appreciate the reply... Just so we are clear:

My inside network on ASA #1 is 172.31.96.0/19, my inside network on ASA #2 is 192.168.11.0/24.

My VPN client connects to ASA #1 and uses the VPN pool 192.168.14.10 - .20.

Site-to-site is up between ASA #1 and #2, and connectivity from 172.31.96.0 to 192.168.11.0 is good.

If my VPN client is connecting into ASA #1 and receives an IP of 192.168.14.10, which interface on ASA #1 would I apply the "same-security-traffic permit intra-interface" to? The inside interface?

Cheers


dave

The command is not applied to a specific interface.

The command enables the functionality on the ASA to receive traffic from the VPN clients on the outside interface and send it out via the same outside interface through the L2L tunnel (and vice versa).

Federico.
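The pieces Federico describes (global intra-interface permit, VPN pool added to the L2L crypto ACL, far-side network added to the split-tunnel list), pulled together for ASA #1 with the addresses Dave gave. This is an added example, not configuration posted in the thread. It assumes pre-8.3 (8.2-style) NAT syntax, interface names "inside" and "outside", the made-up names L2L-TO-ASA2, OUTSIDE-MAP, ESP-AES-SHA, SPLIT-TUNNEL, RA-POOL, RA-POLICY and OUTSIDE-NONAT, and a placeholder peer address 203.0.113.2 for ASA #2. The crypto map and transform set already exist in Dave's lab since the L2L tunnel is up; they are shown only so the ACL binding is visible.

```cisco
! Added example for ASA #1 (not from the thread). Assumes 8.2 syntax,
! interfaces "inside"/"outside", and the hypothetical names below.
! 203.0.113.2 is a placeholder for ASA #2's outside address.

! 1. Global command, not tied to an interface: lets traffic that arrived on
!    "outside" (from the VPN client) leave via "outside" again (into the L2L).
same-security-traffic permit intra-interface

! 2. Remote-access pool from the thread. The ACLs below use the covering
!    192.168.14.0/24 because .10-.20 is not a clean subnet.
ip local pool RA-POOL 192.168.14.10-192.168.14.20 mask 255.255.255.0

! 3. Crypto ACL for the L2L tunnel: local inside AND the VPN pool to ASA #2.
access-list L2L-TO-ASA2 extended permit ip 172.31.96.0 255.255.224.0 192.168.11.0 255.255.255.0
access-list L2L-TO-ASA2 extended permit ip 192.168.14.0 255.255.255.0 192.168.11.0 255.255.255.0
crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac
crypto map OUTSIDE-MAP 10 match address L2L-TO-ASA2
crypto map OUTSIDE-MAP 10 set peer 203.0.113.2
crypto map OUTSIDE-MAP 10 set transform-set ESP-AES-SHA
crypto map OUTSIDE-MAP interface outside

! 4. Split-tunnel list for the clients: local inside AND the far-side network,
!    so the client sends 192.168.11.0/24 into its tunnel at all.
access-list SPLIT-TUNNEL standard permit 172.31.96.0 255.255.224.0
access-list SPLIT-TUNNEL standard permit 192.168.11.0 255.255.255.0
group-policy RA-POLICY attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-TUNNEL

! 5. NAT exemption for the hairpinned pool -> far-side traffic (8.2 syntax).
access-list OUTSIDE-NONAT extended permit ip 192.168.14.0 255.255.255.0 192.168.11.0 255.255.255.0
nat (outside) 0 access-list OUTSIDE-NONAT

! ASA #2 must carry the mirror-image crypto ACL entry, otherwise phase 2
! never negotiates a proxy ID for the pool:
!   access-list L2L-TO-ASA1 extended permit ip 192.168.11.0 255.255.255.0 192.168.14.0 255.255.255.0
!
! Verify: show crypto ipsec sa peer 203.0.113.2
!   expect a second SA with local/remote idents 192.168.14.0/24 <-> 192.168.11.0/24
!   and #pkts encaps/decaps increasing while the client pings 192.168.11.x.
```

After changing a crypto ACL on either side, clear the existing phase 2 SA (clear crypto ipsec sa peer 203.0.113.2) so the new proxy IDs are renegotiated; an established tunnel will not pick up the added pool entry on its own.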

Yes sir that was it !!! Thanks for the help.

Cheers

dave

Glad I could help ;-)

Thank you.

Federico.