09-15-2010 02:00 AM - edited 02-21-2020 04:50 PM
Hi,
I'm running VPN between two sites using 2 ASA 5505.
Also I want that RA-VPN which is hosted in both ASA.
My need is to remove one of the RA-VPN accesses and keep only one, but I need to be able to reach the second site.
I did a split-tunnel with both LANs. But I am still not able to get the route on my computer when I connect to the RA-VPN.
Is it possible? And how?
09-15-2010 05:33 AM
A few things need to be configured for the remote access VPN to access the remote site-to-site VPN LAN:
1) On the site-to-site tunnel crypto ACL, it needs to include the remote vpn client ip pool subnet as follows:
On the ASA that terminates the vpn client: permit ip
On the remote ASA that terminates the site-to-site tunnel: permit ip
2) On the ASA that terminates the vpn client: same-security-traffic permit intra-interface
3) On the remote ASA that terminates the site-to-site tunnel: NAT exemption ACL needs to include traffic from remote LAN towards the IP Pool subnet.
Plus the split tunnel ACL that includes both subnets which I believe you already configured.
Hope that helps.
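The three steps above plus the split-tunnel ACL, as an added configuration sketch that is not part of the original reply. All subnets and names are constructed placeholders (site A LAN 192.168.1.0/24, site B LAN 192.168.2.0/24, client pool 10.10.10.0/24, ACL names S2S_CRYPTO, NONAT, SPLIT_TUNNEL, group policy RA_POLICY), and the NAT exemption uses the pre-8.3 `nat 0` syntax, which is an assumption about the software version in use.

```cisco
! ===== ASA at site A (terminates the VPN client) =====
! Existing LAN-to-LAN entry of the site-to-site crypto ACL (constructed)
access-list S2S_CRYPTO extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
! Step 1: add client pool -> remote LAN to the same crypto ACL
access-list S2S_CRYPTO extended permit ip 10.10.10.0 255.255.255.0 192.168.2.0 255.255.255.0

! Step 2: allow traffic to enter and leave the same interface
! (client tunnel in on outside, site-to-site tunnel out on outside)
same-security-traffic permit intra-interface

! Split tunnel: push both LANs to the client
access-list SPLIT_TUNNEL standard permit 192.168.1.0 255.255.255.0
access-list SPLIT_TUNNEL standard permit 192.168.2.0 255.255.255.0
group-policy RA_POLICY attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL

! ===== ASA at site B (remote end of the site-to-site tunnel) =====
! Existing LAN-to-LAN entry, mirror of site A (constructed)
access-list S2S_CRYPTO extended permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
! Step 1: mirror entry, remote LAN -> client pool
access-list S2S_CRYPTO extended permit ip 192.168.2.0 255.255.255.0 10.10.10.0 255.255.255.0

! Step 3: NAT exemption for remote LAN -> client pool
access-list NONAT extended permit ip 192.168.2.0 255.255.255.0 10.10.10.0 255.255.255.0
nat (inside) 0 access-list NONAT
```

The crypto ACL entries on the two ASAs must be exact mirrors of each other, and keeping them scoped to the pool and the one remote LAN (rather than `any`) limits what the client can reach across the tunnel.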
09-15-2010 06:25 AM
I was missing N03
And that's TRUE, I have to include it on the s2s link.
Thanks