Remote Access VPN to L2L Tunnel

Unanswered Question
Sep 19th, 2007

I am working with a remote site that has their remote access users terminating on an ASA 7.x device. Between our two locations we have a LAN-to-LAN tunnel for their access to certain servers we host for statistical purposes.

The problem is, their remote access users can't traverse that L2L tunnel. We have included the IPs that those remote access users use while VPNd in, on both sides of the ACLs defining interesting traffic, but they still can't hit our servers.

I am trying to help the distant end troubleshoot this, so I was wondering if there was any additional configuration on the ASA device that will allow remote access users to turn around and traverse that L2L tunnel. If anyone has any idea where these guys might be going wrong, I would greatly appreciate the help.

Thanks in advance.

lapascua06 Wed, 09/19/2007 - 18:01

Hi,

You have to configure your ASA to do hairpinning (route traffic out of the same interface). This is the command on the ASA:

same-security-traffic permit intra-interface

Plus, you need to add a no-NAT statement on the ASA wherein the traffic is from your VPN client pool going to the servers' network.

You can use this link for your reference:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807f9a89.shtml#newra

Hope this helps...

Cheers,

lapascua
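As an added illustration (not from the thread or from Cisco's document), here is how the pieces the reply describes fit together on the remote site's ASA in 7.x (pre-8.3) syntax, with constructed addresses: 192.168.50.0/24 for the remote-access client pool, 192.168.10.0/24 for that site's inside LAN, and 10.20.0.0/24 for the hosted server network; the names OUTSIDE_MAP, NONAT, NONAT_INSIDE, L2L_TRAFFIC, SPLIT_TUNNEL and RA_POLICY are assumed. It also adds the split-tunnel entry, which the reply does not mention but which the clients need before they will send server-bound traffic into the VPN at all.

```text
! Added example (not from the thread): remote-site ASA 7.x, pre-8.3 NAT syntax.
! Constructed addresses: 192.168.50.0/24 = remote-access client pool,
! 192.168.10.0/24 = remote site inside LAN, 10.20.0.0/24 = hosted server network.
!
! 1. Hairpinning: decrypted client traffic arrives on "outside" and has to
!    leave on "outside" again inside the L2L tunnel. This is off by default,
!    and without it the ASA silently drops the packet.
same-security-traffic permit intra-interface
!
! 2. NAT exemption for pool -> server network. Because the flow is
!    outside-to-outside, the exemption is bound to the outside interface.
!    The usual inside-LAN exemption stays on the inside interface.
access-list NONAT extended permit ip 192.168.50.0 255.255.255.0 10.20.0.0 255.255.255.0
nat (outside) 0 access-list NONAT
access-list NONAT_INSIDE extended permit ip 192.168.10.0 255.255.255.0 10.20.0.0 255.255.255.0
nat (inside) 0 access-list NONAT_INSIDE
!
! 3. Crypto ACL (interesting traffic): list both the inside LAN and the
!    client pool. The hub end's crypto ACL must be the exact mirror image,
!    otherwise the second SA never negotiates and only LAN traffic flows.
access-list L2L_TRAFFIC extended permit ip 192.168.10.0 255.255.255.0 10.20.0.0 255.255.255.0
access-list L2L_TRAFFIC extended permit ip 192.168.50.0 255.255.255.0 10.20.0.0 255.255.255.0
crypto map OUTSIDE_MAP 10 match address L2L_TRAFFIC
!
! 4. Split tunnel (assumed in use): the client must be told that the server
!    network is reachable through the VPN, or it sends 10.20.0.0/24 out to
!    the Internet and the traffic never reaches the ASA in the first place.
access-list SPLIT_TUNNEL standard permit 10.20.0.0 255.255.255.0
group-policy RA_POLICY attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL
!
! Check: once a client connects and sends traffic, the L2L peer should show a
! pool<->server SA with non-zero encaps/decaps counters (hub IP is a placeholder).
! show crypto ipsec sa peer <hub-ip>
```

If the pool<->server SA never appears, the mismatch is almost always between the two crypto ACLs or in a NAT rule that still translates the pool addresses before encryption.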
