
Remote Access VPN to L2L Tunnel

ryan.bachman

I am working with a remote site that has their remote access users terminating on an ASA 7.X device. Between our two locations we have a LAN-to-LAN tunnel for their access to certain servers we host for statistical purposes.

The problem is, their remote access users can't traverse that L2L tunnel. We have included the IPs that those remote access users use while VPN'd in, on both sides of the ACLs defining interesting traffic, but they still can't hit our servers.

I am trying to help the distant end on this troubleshoot; so I was wondering if there was any additional configuration on the ASA device that will allow remote access users to turn around and traverse that L2L tunnel. If anyone has any idea where these guys might be going wrong, I would greatly appreciate the help.

Thanks in advance.

1 Reply

lapascua06

Hi,

You have to configure your ASA to do hairpinning (route traffic out of the same interface). This is the command on the ASA:

same-security-traffic permit intra-interface

Plus, you need to add a no-NAT statement on the ASA for traffic from your VPN client pool going to the servers' network.

You can use this link for your reference:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807f9a89.shtml#newra

Hope this helps...

Cheers,

lapascua
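
The pieces described in the reply above, written out together as an added example in ASA 7.x syntax (not part of the original reply or of the linked Cisco document). The addresses, the ACL names and the `outside` interface name are assumptions chosen for illustration.

```cisco
! Constructed values (assumptions, replace with the site's own):
!   192.168.50.0/24  remote access VPN client pool
!   10.10.10.0/24    hosted servers behind the L2L peer
!   outside          interface where both the RA clients and the L2L tunnel terminate

! 1. Hairpinning: let traffic enter and leave through the same interface.
same-security-traffic permit intra-interface

! 2. Interesting traffic for the L2L tunnel must cover pool -> servers.
!    The original poster states this is already present on both sides;
!    the peer needs the mirror-image entry (servers -> pool).
!    L2L_CRYPTO stands in for the ACL the existing crypto map entry matches on.
access-list L2L_CRYPTO extended permit ip 192.168.50.0 255.255.255.0 10.10.10.0 255.255.255.0

! 3. NAT exemption ("no nat") for pool -> servers. Because the client
!    traffic arrives on the outside interface, the exemption is bound there.
access-list NONAT_OUTSIDE extended permit ip 192.168.50.0 255.255.255.0 10.10.10.0 255.255.255.0
nat (outside) 0 access-list NONAT_OUTSIDE

! Keep both ACLs scoped to the pool and the specific server network
! rather than "any", so the hairpin path exposes only what the L2L
! agreement is meant to cover.

! Check: with a client connected and sending traffic to a server,
! "show crypto ipsec sa" should list an SA whose local ident is
! 192.168.50.0/255.255.255.0 and remote ident is 10.10.10.0/255.255.255.0,
! with encaps/decaps counters increasing.
```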
