site to site VPN through remote access vpn

I faced an issue accessing a site-to-site VPN through remote access. The scenario is as follows:

I logged into my private network through a remote access VPN, but I cannot access the site-to-site VPN through it.

I tried all the options. Can anyone guide me on the concept of accessing a site-to-site VPN through a remote access VPN? Do we need to have a separate VPN tunnel to the site-to-site VPN, or can we route into the same site-to-site tunnel, or can the PIX route traffic to the site-to-site VPN through the remote access VPN? Can anyone give me the concept? I just certified CCNA.

I would be grateful to you.


first, u haven't mentioned whether the site to site is between PIX and router or ASA

any way the general idea is

first, on the hub vpn termination device (the device that u connect to through ur remote access vpn)

u should have an access list that matches traffic from that network to the other site network

this ACL is called interesting traffic

add to this ACL another line that includes the vpn remote access IP address pool range

let's say ur vpn pool is and the remote site that u connect to through site to site is

and the hub private network where u r connecting to through vpn is

let's say u already have an acl like (for our example)

access-list 100 permit ip


access-list 100 permit ip

also u should have what is called nat exemption, NAT 0

here i am assuming u r using PIX or ASA version 7.x

access-list 101 permit ip


access-list 101 permit ip

nat (inside) 0 access-list 101

there is an important command that u should add on the hub firewall to allow the connection to enter and exit the same interface, which is:

same-security-traffic permit intra-interface

entered in global configuration mode

now what u have to do on the remote site

is to permit the returning traffic as follows

add a line to the existing vpn ACL, as above, for traffic going to the hub site

add one sourced from the remote network, in our example 20.0.0./24, and going to the vpn pool

also do the same for the NAT 0

and it should work

and the following link will guide u step-by-step to achieve ur case

if u use a router, check the following

good luck

Please, Rate if helpful
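
The steps in the answer above, written out as an added example (not part of the original post and not taken from Cisco documentation). It assumes PIX/ASA 7.x on both ends and uses constructed addresses, since the thread's own addresses are missing: hub LAN 10.0.0.0/24, remote site 20.0.0.0/24, remote access pool 192.168.50.0/24. ACL numbers 100 and 101 follow the answer.

```cisco
! ---------- Hub firewall (terminates both the remote access and site-to-site VPN) ----------
! Constructed addresses: hub LAN 10.0.0.0/24, remote site 20.0.0.0/24, VPN pool 192.168.50.0/24

! Crypto ACL (interesting traffic) for the site-to-site tunnel
access-list 100 extended permit ip 10.0.0.0 255.255.255.0 20.0.0.0 255.255.255.0
! Added line: remote access pool to the remote site
access-list 100 extended permit ip 192.168.50.0 255.255.255.0 20.0.0.0 255.255.255.0

! NAT exemption ACL
access-list 101 extended permit ip 10.0.0.0 255.255.255.0 20.0.0.0 255.255.255.0
access-list 101 extended permit ip 10.0.0.0 255.255.255.0 192.168.50.0 255.255.255.0
! Added line, as the answer suggests: pool to remote site
access-list 101 extended permit ip 192.168.50.0 255.255.255.0 20.0.0.0 255.255.255.0
nat (inside) 0 access-list 101

! Let VPN client traffic enter and leave the same (outside) interface
same-security-traffic permit intra-interface

! ---------- Remote site firewall ----------
! Crypto ACL must mirror the hub's, including the return path to the pool
access-list 100 extended permit ip 20.0.0.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list 100 extended permit ip 20.0.0.0 255.255.255.0 192.168.50.0 255.255.255.0

! NAT exemption for the same two destinations
access-list 101 extended permit ip 20.0.0.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list 101 extended permit ip 20.0.0.0 255.255.255.0 192.168.50.0 255.255.255.0
nat (inside) 0 access-list 101
```

If the remote access group uses split tunneling, the remote site network also has to be in the split-tunnel list, otherwise the client never sends that traffic into the tunnel. Keep the added pool entries limited to the subnets remote users actually need, since each one extends what a VPN client can reach.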
