07-12-2007 07:48 AM - edited 02-21-2020 03:09 PM
What do I need to set up to allow remote VPN clients to be able to access networks that are connected via VPN Site to Site?
Example:
Main Firewall has a VPN Site to Site with another office called Branch Firewall.
I have a user using Remote VPN to connect to the Main firewall but they are not able to access the branch firewall while they are connected to the main firewall.
I have split tunneling enabled and have added the branch network to the allow list for the tunnel all networks ACL for the remote user VPN.
Any ideas?
07-12-2007 07:54 AM
What version is your main firewall?
This is only possible with version 7.
You simply need to:
1. Enable "same-security-traffic permit intra-interface" on the main ASA/PIX.
2. Add the remote access VPN client subnet to the interesting traffic for the LAN-to-LAN tunnel on both main and remote firewalls.
3. Make sure, if using split tunneling, that the new network is tunneled (the network at the remote site), which you have already done.
4. Also make sure the VPN client network is added to the NAT exemption ACL in the remote firewall.
Please rate helpful posts.
09-07-2007 08:26 PM
Hi Acomiskey,
I too have the same problem and my pix version is 6.3(3).
Can you help me resolve it?
Regards,
K.V.Krishna
09-08-2007 08:53 AM
Hi,
I just came to know that it is not possible to configure Cisco 501 (6.3) for the VPN client to access the remote network on a site-to-site IPsec tunnel.
Would request you to tell me if there is any possibility for achieving the same, as we are ready to do any changes in the network, and the last would be upgrading the hardware and the firmware (please give this as a last option).
Regards,
K.V.Krishna
08-01-2007 07:43 AM
I have the same issue. Did you find a solution?
Thanks.