Solved: Use client VPN tunnel to traverse LAN-to-LAN tunnel

baskervi · ‎04-17-2007

I've been troubleshooting a problem and can't get over a hurdle. The ASA is running ASA running 7.2(1)24 code. I'm trying to use a client VPN tunnel to connect to the ASA. The ASA already has a LAN-to-LAN tunnel set up and functioning, and I need the client VPN to access the remote site over the LAN-to-LAN tunnel.

The internal IP address of the local side is 192.168.0.0/24 and the IP of the remote LAN-to-LAN tunnel is 172.20.1.0/24. The clients are handed out 192.168.200.0/24 IPs. I've attached the relevant configuration for the ASA.

When the client VPNs into the network, I can access the resources on the ASA's internal network. Users on the ASA's internal network can access resources across the LAN-to-LAN tunnel. Client VPNs cannot access resources over the LAN-to-LAN tunnel. For the latter, there are no hits on the C-TEST access list.

Thank you for your assistance.

acomiskey · ‎04-17-2007

try adding...

same-security-traffic permit intra-interface

http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a00806370f2.html#wp1042114

View solution in original post

acomiskey · ‎04-17-2007

try adding...

same-security-traffic permit intra-interface

http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a00806370f2.html#wp1042114

port · ‎04-17-2007

We have the exact same issue however we are running pix 6.3(5). Is there a command in this release to do the same?

acomiskey · ‎04-17-2007

Unfortunately no.

baskervi · ‎04-17-2007

This solved the problem. By the way, where do you go to mark this as the solution?

acomiskey · ‎04-17-2007

It's already marked, I guess you figured it out. Glad it helped.