Remote VPN Client connection and VPN Site to Site

cisconoobie
Level 2

What do I need to set up to allow remote VPN clients to be able to access networks that are connected via VPN Site to Site?

Example:

Main Firewall has a VPN Site to Site with another office called Branch Firewall.

I have a user using Remote VPN to connect to the Main firewall but they are not able to access the branch firewall while they are connected to the main firewall.

I have split tunneling enabled and have added the branch network to the allow list for the tunnel all networks acl for the remote user vpn.

Any ideas?

4 Replies

acomiskey
Level 10

What version is your main firewall?

This is only possible with version 7.

You simply need to:

1. Enable "same-security-traffic permit intra-interface" on the main ASA/PIX.

2. Add the remote access VPN client subnet to the interesting traffic for the LAN-to-LAN tunnel on both the main and remote firewalls.

3. Make sure, if using split tunneling, that the new network (the network at the remote site) is tunneled, which you have already done.

4. Also make sure the VPN client network is added to the NAT exemption ACL on the remote firewall.

Please rate helpful posts.
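The four steps in the answer above, laid out as configuration for both firewalls. This is an added example, not configuration from either poster's devices; it uses ASA 7.x syntax (the version the answer refers to), and every ACL name, the group-policy name and the subnets (main LAN 10.1.1.0/24, branch LAN 10.2.2.0/24, VPN client pool 10.99.99.0/24) are assumptions.

```cisco
! ===== Main firewall (terminates both the client VPN and the L2L tunnel) =====

! Step 1: allow traffic to enter and leave the same interface, so client
! traffic arriving on outside can be re-encrypted into the L2L tunnel.
same-security-traffic permit intra-interface

! Step 2: interesting traffic for the L2L tunnel.
! Existing entry (assumed): main LAN -> branch LAN
access-list L2L_CRYPTO extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
! New entry: VPN client pool -> branch LAN
access-list L2L_CRYPTO extended permit ip 10.99.99.0 255.255.255.0 10.2.2.0 255.255.255.0

! Step 3: split tunneling must send the branch LAN through the tunnel.
access-list SPLIT_TUNNEL standard permit 10.1.1.0 255.255.255.0
access-list SPLIT_TUNNEL standard permit 10.2.2.0 255.255.255.0
group-policy RA_POLICY attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL

! ===== Branch firewall =====

! Step 2 (other side): mirror image of the main firewall's crypto ACL.
access-list L2L_CRYPTO extended permit ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list L2L_CRYPTO extended permit ip 10.2.2.0 255.255.255.0 10.99.99.0 255.255.255.0

! Step 4: exempt branch LAN -> VPN client pool from NAT so return traffic
! matches the crypto ACL.
! Existing entry (assumed): branch LAN -> main LAN
access-list NONAT extended permit ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0
! New entry: branch LAN -> VPN client pool
access-list NONAT extended permit ip 10.2.2.0 255.255.255.0 10.99.99.0 255.255.255.0
nat (inside) 0 access-list NONAT
```

The crypto ACL entries on the two firewalls have to mirror each other exactly, or the IPsec security associations for the client pool will not be established. Keeping each entry limited to the client pool and the specific branch subnet avoids tunneling or exempting from NAT more than the remote users need.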

Hi Acomiskey,

I too have the same problem and my pix version is 6.3(3).

Can you help me resolve it?

Regards,

K.V.Krishna

Hi,

I just came to know that it is not possible to configure the Cisco 501 (6.3) for the VPN client to access the remote network on a site-to-site IPsec tunnel.

I would request you to tell me if there is any possibility of achieving the same, as we are ready to make any changes in the network; the last would be upgrading the hardware and the firmware (please give this as a last option).

Regards,

K.V.Krishna

LouisBHirst
Level 1

I have the same issue. Did you find a solution?

thanks.