Hello,
I have 2 sites:
Site A:
ASA 5510
VPN gateway for remote users
LAN 192.168.192.0/22
Site B:
ASA 5505
LAN 192.168.208.0/22
Both sites are connected through a site to site VPN.
Remote clients (AnyConnect/VPN client) can connect to the Site A LAN and see machines on LAN A, but cannot see the Site B LAN.
What am I missing (maybe on both sides)?
Any help appreciated.
Here is part of my configuration:
On Site A (ASA 5510)
--------------------------------
name 192.168.192.0 SiteA_Internal_Network
name 192.168.208.0 SiteB_Internal_Network
name 192.168.133.0 VPNPool_AnyConnect
name 192.168.133.32 VPNPool_VpnClient
object-group network DM_INLINE_NETWORK_3
network-object VPNPool_AnyConnect 255.255.255.224
network-object VPNPool_VpnClient 255.255.255.224
network-object SiteA_Internal_Network 255.255.252.0
access-list External_cryptomap_1 extended permit ip object-group DM_INLINE_NETWORK_3 SiteB_Internal_Network 255.255.252.0
nat (Internal) 0 access-list Internal_nat0_outbound
nat (Internal) 1 SiteA_Internal_Network 255.255.252.0
nat (External-DMZ) 0 access-list External-DMZ_nat0_outbound
static (Internal,External-DMZ) SiteA_Internal_Network SiteA_Internal_Network netmask 255.255.252.0
static (Internal,Internal-DMZ) SiteA_Internal_Network SiteA_Internal_Network netmask 255.255.252.0
static (External-DMZ,External) SiteA_ExternalDMZ_Network SiteA_ExternalDMZ_Network netmask 255.255.255.240
no vpn-addr-assign aaa
no vpn-addr-assign dhcp
vpn-addr-assign local reuse-delay 5
webvpn
enable External
svc image disk0:/anyconnect-win-2.3.0254-k9.pkg 1 regex "Windows NT"
svc image disk0:/anyconnect-wince-ARMv4I-2.3.0254-k9.pkg 2 regex "Windows CE"
svc image disk0:/anyconnect-macosx-i386-2.3.0254-k9.pkg 3 regex "Intel Mac OS X"
svc image disk0:/anyconnect-macosx-powerpc-2.3.0254-k9.pkg 4 regex "PPC Mac OS X"
svc image disk0:/anyconnect-linux-2.3.0254-k9.pkg 5 regex "Linux"
svc enable
tunnel-group-list enable
group-policy DfltGrpPolicy attributes
dns-server value XXXXXXXXXXXXX
vpn-tunnel-protocol IPSec svc webvpn
ip-comp enable
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split-lan
default-domain value XXXXX
webvpn
svc keepalive 30
svc compression none
group-policy TG-ADM internal
group-policy TG-ADM attributes
vpn-tunnel-protocol IPSec
ip-comp disable
group-policy JSIgroup internal
group-policy JSIgroup attributes
vpn-tunnel-protocol IPSec svc webvpn
webvpn
url-list none
svc ask enable
tunnel-group DefaultRAGroup general-attributes
authentication-server-group RADIUS LOCAL
tunnel-group DefaultWEBVPNGroup general-attributes
address-pool POOL-ANYCONNECT
authentication-server-group RADIUS LOCAL
dhcp-server XXXXXXXXXX
tunnel-group DefaultWEBVPNGroup webvpn-attributes
group-alias VPN-ACCESS enable
tunnel-group XXXXXXXXXXXX type ipsec-l2l
tunnel-group XXXXXXXXXXXXX ipsec-attributes
pre-shared-key XXXXXXXXXXXXXXXXXXXXXXXXXXX
tunnel-group TG-ADM type remote-access
tunnel-group TG-ADM general-attributes
address-pool POOL-ADM
authentication-server-group RADIUS LOCAL
default-group-policy TG-ADM
tunnel-group TG-ADM ipsec-attributes
pre-shared-key XXXXXXXXXXXXXXXXXXXXXX
On Site B (ASA 5505)
-------------------------------
name 192.168.192.0 SiteA_Internal_Network
name 192.168.133.32 AnyConnect
name 192.168.133.0 VPN_Client
object-group network DM_INLINE_NETWORK_2
network-object 192.168.133.0 255.255.255.224
network-object 192.168.133.32 255.255.255.224
network-object 192.168.192.0 255.255.252.0
object-group network DM_INLINE_NETWORK_1
network-object 192.168.133.0 255.255.255.224
network-object 192.168.133.32 255.255.255.224
network-object 192.168.192.0 255.255.252.0
access-list inside_nat0_outbound extended permit ip 192.168.208.0 255.255.252.0 object-group DM_INLINE_NETWORK_1
access-list inside_access_in extended permit ip 192.168.208.0 255.255.252.0 192.168.192.0 255.255.252.0
access-list inside_access_in extended permit object-group Traffic-Good 192.168.208.0 255.255.252.0 any
access-list outside_cryptomap_1 extended permit ip 192.168.208.0 255.255.252.0 object-group DM_INLINE_NETWORK_2
access-list outside_access_in extended deny ip any 192.168.208.0 255.255.252.0
access-list outside_access_in extended deny ip any 192.168.192.0 255.255.252.0
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
At Site B it looks like it's actually being NAT/PATed out to the Internet and not exempted from NAT. Make sure you have a no-NAT statement at Site B so the traffic is not PATed to the Internet. On the new 9.x ASA code this is done by the static NATs and no longer via the NONAT ACLs. Basically, at Site B, match what you have working for the site-to-site VPN (ACL and static NATs) for the RA VPN subnet, and that should push that traffic over the tunnel. I did this recently for a client and this is what I ended up having to do on their ASA.
Remote Site B (8.2 code)
access-list VPN extended permit ip 10.46.1.0 255.255.255.0 10.41.9.0 255.255.255.0
access-list NONAT extended permit ip 10.46.1.0 255.255.255.0 10.41.9.0 255.255.255.0
Main Site A (9.x Code)
access-list outside_cryptomap extended permit ip 10.41.9.0 255.255.255.0 10.46.1.0 255.255.255.0
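The advice above boils down to one invariant: every source/destination pair the crypto-map ACL sends into the L2L tunnel must also be matched by a NAT-exempt (nat0) entry on the same box, and the peer's crypto ACL must be the mirror image. Checking that by eye across object-groups and `name` aliases is error-prone, so here is an added Python checker (not code from the thread or from either poster) that parses the pre-8.3 syntax used in the configs above and reports the gaps. The two sample configs are the Site A and Site B lines as posted; the "broken" Site B variant is constructed for illustration, with a nat0 ACL that exempts only LAN-to-LAN and forgets the two VPN pools. The posted Site A config does not show the contents of `Internal_nat0_outbound`, so only Site B's exemption is checked against its crypto ACL, and the two crypto ACLs are checked against each other.

```python
"""Cross-check an ASA crypto-map ACL against its nat0 (NAT-exempt) ACL.
Added example, not code from the thread; parses the pre-8.3 syntax shown on the page."""
import ipaddress
import re
from typing import Dict, List, Set, Tuple

Net = ipaddress.IPv4Network
Pair = Tuple[Net, Net]

def _to_net(tokens: List[str], names: Dict[str, str]) -> Net:
    """`host A.B.C.D`, `A.B.C.D MASK` or `ALIAS MASK` -> IPv4Network (aliases resolved)."""
    ip, mask = (tokens[1], "32") if tokens[0] == "host" else (tokens[0], tokens[1])
    return Net(f"{names.get(ip, ip)}/{mask}", strict=False)

def _names_and_groups(config: str) -> Tuple[Dict[str, str], Dict[str, List[Net]]]:
    """Collect `name` aliases and expand `object-group network` blocks."""
    names, groups, current = {}, {}, None
    for parts in (raw.split() for raw in config.splitlines() if raw.strip()):
        if parts[0] == "name":
            names[parts[2]] = parts[1]                  # name <ip> <alias>
        elif parts[:2] == ["object-group", "network"]:
            current, groups[parts[2]] = parts[2], []
        elif parts[0] == "network-object" and current is not None:
            groups[current].append(_to_net(parts[1:], names))
        else:
            current = None                              # any other line closes the group
    return names, groups

def _operand(toks: List[str], i: int, names, groups) -> Tuple[List[Net], int]:
    """Consume one ACL address operand (any | object-group G | host H | NET MASK)."""
    if toks[i] == "any":
        return [Net("0.0.0.0/0")], i + 1
    if toks[i] == "object-group":
        return list(groups[toks[i + 1]]), i + 2
    return [_to_net(toks[i:i + 2], names)], i + 2

def acl_pairs(config: str, acl_name: str) -> Set[Pair]:
    """All (src, dst) network pairs permitted by `acl_name`, object-groups expanded."""
    names, groups = _names_and_groups(config)
    pat = re.compile(rf"^access-list {re.escape(acl_name)} extended permit ip (.+)$")
    pairs: Set[Pair] = set()
    for m in filter(None, (pat.match(raw.strip()) for raw in config.splitlines())):
        toks = m.group(1).split()
        srcs, i = _operand(toks, 0, names, groups)
        dsts, _ = _operand(toks, i, names, groups)
        pairs.update((s, d) for s in srcs for d in dsts)
    return pairs

def _covered(pair: Pair, acl: Set[Pair]) -> bool:
    return any(pair[0].subnet_of(s) and pair[1].subnet_of(d) for s, d in acl)

def nat_exempt_gaps(config: str, crypto_acl: str, nonat_acl: str) -> Set[Pair]:
    """Crypto-ACL pairs no NAT-exempt entry covers: that traffic is PATed, not tunnelled."""
    nonat = acl_pairs(config, nonat_acl)
    return {p for p in acl_pairs(config, crypto_acl) if not _covered(p, nonat)}

def mirror_gaps(local: Set[Pair], peer: Set[Pair]) -> Set[Pair]:
    """Local crypto pairs whose reverse (dst, src) the peer's crypto ACL does not cover."""
    return {p for p in local if not _covered((p[1], p[0]), peer)}

# Site B lines as posted in the thread (object-groups use literal addresses).
SITE_B_POSTED = """
object-group network DM_INLINE_NETWORK_2
 network-object 192.168.133.0 255.255.255.224
 network-object 192.168.133.32 255.255.255.224
 network-object 192.168.192.0 255.255.252.0
object-group network DM_INLINE_NETWORK_1
 network-object 192.168.133.0 255.255.255.224
 network-object 192.168.133.32 255.255.255.224
 network-object 192.168.192.0 255.255.252.0
access-list inside_nat0_outbound extended permit ip 192.168.208.0 255.255.252.0 object-group DM_INLINE_NETWORK_1
access-list outside_cryptomap_1 extended permit ip 192.168.208.0 255.255.252.0 object-group DM_INLINE_NETWORK_2
"""
# Site A lines as posted (the object-group refers to `name` aliases).
SITE_A_POSTED = """
name 192.168.208.0 SiteB_Internal_Network
name 192.168.133.0 VPNPool_AnyConnect
name 192.168.133.32 VPNPool_VpnClient
name 192.168.192.0 SiteA_Internal_Network
object-group network DM_INLINE_NETWORK_3
 network-object VPNPool_AnyConnect 255.255.255.224
 network-object VPNPool_VpnClient 255.255.255.224
 network-object SiteA_Internal_Network 255.255.252.0
access-list External_cryptomap_1 extended permit ip object-group DM_INLINE_NETWORK_3 SiteB_Internal_Network 255.255.252.0
"""
# Constructed failure case (not from the thread): Site B exempts only LAN-to-LAN, not the VPN pools.
SITE_B_BROKEN = SITE_B_POSTED.replace("255.255.252.0 object-group DM_INLINE_NETWORK_1",
                                      "255.255.252.0 192.168.192.0 255.255.252.0")

if __name__ == "__main__":
    for label, cfg in (("posted", SITE_B_POSTED), ("constructed", SITE_B_BROKEN)):
        gaps = nat_exempt_gaps(cfg, "outside_cryptomap_1", "inside_nat0_outbound")
        print(f"Site B ({label}) crypto pairs without NAT exemption:", [f"{s} -> {d}" for s, d in sorted(gaps)] or "none")
    a, b = acl_pairs(SITE_A_POSTED, "External_cryptomap_1"), acl_pairs(SITE_B_POSTED, "outside_cryptomap_1")
    print("Site A and Site B crypto ACLs mirror each other:", not (mirror_gaps(a, b) | mirror_gaps(b, a)))
```

The check is purely syntactic: it tells you whether the ACLs agree, not what the ASA actually does with a flow. On the box itself, `packet-tracer input inside tcp 192.168.208.10 1025 192.168.133.5 445` (interface and addresses chosen to match the Site B configuration above) walks a flow through the NAT and VPN phases and shows which rule each phase hit, which is the quickest way to confirm that pool traffic is being NAT-exempted and matched to the crypto map rather than PATed to the outside interface.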