Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
711
Views
0
Helpful
2
Replies

VPN site 2 site though remote access

Go to solution
omar.elmohri
Level 1
Level 1

‎09-15-2010 02:00 AM - edited ‎02-21-2020 04:50 PM

Hi,

I'm running VPN between two sites using 2 ASA 5505.

Also I want that RA-VPN which is hosted in both ASA.

My need is to remove one of the RA-VPN access and keep only one, but need to be able to reach the second site.

I did a split-tunnel with  both LANs. But I still not able to get the route in my computer when I connect to the RA-VPN.

Is it possible? And how?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee

‎09-15-2010 05:33 AM

A few things that needs to be configured for remote access vpn to access the remote site-to-site vpn LAN:

1) On the site-to-site tunnel crypto ACL, it needs to include the remote vpn client ip pool subnet as follows:

On the ASA that terminates the vpn client: permit ip

On the remote ASA that terminates the site-to-site tunnel: permit ip

2) On the ASA that terminates the vpn client: same-security-traffic permit intra interface

3) On the remote ASA that terminates the site-to-site tunnel: NAT exemption ACL needs to include traffic from remote LAN towards the IP Pool subnet.

Plus the split tunnel ACL that includes both subnets which I believe you already configured.

Hope that helps.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee

‎09-15-2010 05:33 AM

A few things that needs to be configured for remote access vpn to access the remote site-to-site vpn LAN:

1) On the site-to-site tunnel crypto ACL, it needs to include the remote vpn client ip pool subnet as follows:

On the ASA that terminates the vpn client: permit ip

On the remote ASA that terminates the site-to-site tunnel: permit ip

2) On the ASA that terminates the vpn client: same-security-traffic permit intra interface

3) On the remote ASA that terminates the site-to-site tunnel: NAT exemption ACL needs to include traffic from remote LAN towards the IP Pool subnet.

Plus the split tunnel ACL that includes both subnets which I believe you already configured.

Hope that helps.

0 Helpful

Go to solution
omar.elmohri
Level 1
Level 1
In response to Jennifer Halim

‎09-15-2010 06:25 AM

I was missing N03

And that's TRUE, I have to include it on the s2s link.

Thanks

0 Helpful
Customers Also Viewed These Support Documents