05-23-2013 12:54 AM - edited 02-21-2020 06:55 PM
Hi all,
I have two firewalls, one on the MAIN site and another on the BR site. I have configured RA VPN for both and I am able to access the internal networks of the respective firewalls. But the requirement is that I want to connect to the Main site through RA VPN and access the BR SITE internal networks through that connection. Response awaited and appreciated.
05-23-2013 01:11 AM
Is there a WAN connection (site 2 site VPN) from the main site to the BR site?
If not, that would be the best way of setting this up.
05-26-2013 07:07 AM
Hi Marcel,
Thanks for the response. I do have the WAN connection, and site 2 site VPN configured on it.
But currently the connectivity between the sites is through a separate Wireless Point to Point link.
And the External Link (WAN) is used for external networks like the internet. And the Site 2 Site VPN is a backup if the Point to Point link fails.
Note: Is it not possible through Remote-Access VPN?
Regards,
Abdul Azeem
05-27-2013 12:54 AM
It should be possible (depending on the IP routing configured) to reach the BR site when logged on to the main site through remote access.
Can you give me more details regarding your setup?
05-27-2013 05:04 AM
As far as I understand, you have an s2s connection between HQ and RO, and want to be able to access the RO subnet when connecting to HQ through RAVPN (using VPN Client). So I don't see any problems here. You just have to include your VPN-pool in the proxy-ACL (the ACL applied in the crypto-map for the s2s connection), so traffic from/to VPN-clients will be classified as "interesting", plus you'd have to add traffic from the pool to the "nat exception" rules, on the way from HQ to the RO.
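
The change described in the last reply, sketched as an added example that is not configuration posted by anyone in the thread. It assumes Cisco ASA 8.3+ syntax and the site-to-site path; all addresses and the names NET_RAVPN_POOL, NET_BR_LAN, S2S_TO_BR, S2S_TO_MAIN and SPLIT_TUNNEL are constructed placeholders.

```cisco
! ---------- MAIN-site firewall ----------
! Constructed sample networks: RA VPN pool and BR internal LAN
object network NET_RAVPN_POOL
 subnet 10.10.50.0 255.255.255.0
object network NET_BR_LAN
 subnet 192.168.20.0 255.255.255.0

! RA client traffic arrives on the outside interface and leaves through the
! s2s tunnel on the same interface, so hairpinning must be permitted
same-security-traffic permit intra-interface

! Proxy-ACL (the ACL referenced by the s2s crypto map): add pool -> BR LAN
! Scope it to the pool and the BR subnet only, not "any"
access-list S2S_TO_BR extended permit ip object NET_RAVPN_POOL object NET_BR_LAN

! NAT exemption so pool addresses are not translated on the way to BR
nat (outside,outside) source static NET_RAVPN_POOL NET_RAVPN_POOL destination static NET_BR_LAN NET_BR_LAN

! Only if the RA group-policy uses split tunnelling: the client must route
! the BR LAN into the tunnel as well
access-list SPLIT_TUNNEL standard permit 192.168.20.0 255.255.255.0

! ---------- BR-site firewall (mirror of the above) ----------
object network NET_RAVPN_POOL
 subnet 10.10.50.0 255.255.255.0
object network NET_BR_LAN
 subnet 192.168.20.0 255.255.255.0

! Proxy-ACL on the BR side must mirror the MAIN side entry exactly
access-list S2S_TO_MAIN extended permit ip object NET_BR_LAN object NET_RAVPN_POOL

! NAT exemption for return traffic from the BR LAN to the VPN pool
nat (inside,outside) source static NET_BR_LAN NET_BR_LAN destination static NET_RAVPN_POOL NET_RAVPN_POOL
```

The proxy-ACL entries on the two firewalls have to mirror each other, otherwise the tunnel will not negotiate a security association for the pool traffic.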