Remote VPN access to site-to-site VPN

Kenneth Bergholm · ‎08-07-2015

ASA version 8.6

Hi ...

We have a remote VPN that works as it should when it comes to access the reourses on the LAN, we also have a site-to site VPN.on the same ASA firewall.

The problem is that I can't access the site-to-site VPN when we are using the remote vpn connection.

When we are the on LAN we can reach the reosurces on the site to site VPN.

Any hits tips how to solve this would be greatly appriciated.

Roger Base · ‎08-08-2015

Can you show me your config? Have you checked you secrurity levels and access-list to allow that kind of connection?

Kenneth Bergholm · ‎08-25-2015

Hi...

sorry for late response, will try your suggestsion and come back to you how it went

Karsten Iwen · ‎08-09-2015

There are a couple of things that have to be configured to make that work:

same-security permit intra-interface
include the RA IP-Pool in the crypto definition on both sides of the S2S VPN, on your ASA as source-network, on the other VPN-Gateway as the destination.
Make sure that the traffic doesn't get any NAT.

rizwanr74 · ‎08-21-2015

Hello Kenneth,

You need to create nat-examption for users-vpn-pool subnet and your remote-lan-tunnel subnet and this nat-examption for interface outsdie to outside, as you know both source and destination are coming off the same outside interface. Similarly you need permit via crytop acl as well, whichever acl is map to given lan-to-lan tunnel.

If remote-lan-tunnel administrator need to permits your users-vpn-pool in the crytop acl, then remote-lan-tunnel-administrator need to create nat-examption on his firewall as well.

Let me know, if this helps.

thanks