cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
434
Views
0
Helpful
3
Replies

Site2site VPN anyconnect

mfilipovski
Level 1
Level 1

Hi!

I have a working site2site network with 7 ASA connecting to the main ASA. If you connect with anyconnect to the mail asa you can access all offices through VPN.

I have enabled that you can access the SSL portal on the inside interface to let users install the client from the LOCAL lan. This only works for the users on the LAN where the main ASA is. I would like the other offices access this aswell but i don´t get it to work.

I have changed the management port to 14443 and enabled management access on the inside interface. I can connect with ASDM but surfing to https://insideinterfaceIP on the main ASA don´t work from the offices. Some rule i missed?

ASA version 8.25 all over the place

3 Replies 3

Jouni Forss
VIP Alumni
VIP Alumni

Hi,

Cant this simply be done using the "outside" interface of the main ASA for user from remote locations?

Generally you run into problem when your try to reach an IP address thats on a remote interface looking from a client hosts perspective.

Why do the Main ASA sites users need to install the client from the LAN also? Arent they anyway connecting from the "outside" when they are out of office? Why not install the client then?

- Jouni

Hi,

Yes i thought of this aswell.  Well it was someone who asked if it was possible to be at a remote offce but i will instruct them to connect when outside

Hi,

I think there should be no problem for them to connect to the Main ASA from the remote site LAN also. (wihtout being outside that remote site LAN I mean)

Depends on the L2L VPN configuration if the connection to the Main site ASA goes either through public Internet or through the actual L2L VPN.

- Jouni