ASA 5510 and VPN access to remote site over Ext WAN

D0nprintup_2
Level 1

ASA 5510

int client IP 172.0.1.XXX /24

VPN Client IP 172.0.1.248 /29

Static routes in the ASA

1) 0.0.0.0 --- points to router1

2) 172.29.1.1 --- Points to router2

3) 172.29.1.2 --- Points to router2

Router1 Internet connection // VPN access in path

Router2 Dedicated line to offsite hosting // Dedicated routes in ASA

................../---- ROUTER 1

..Inside -- ASA --- outside (switch 2 rtrs)

..................\---- ROUTER 2

If a PC from inside the network wants to talk with 172.29.1.2 it will work fine. If I VPN into the router, I can connect to anything onsite. I cannot talk to 172.29.1.1 or .2.

At first I thought it was the same-security-traffic issue and applied same-security-traffic permit inter-interface, then I tried same-security-traffic permit intra-interface.

Both commands failed. Looking at the diagram I think it's something to do with the fact I VPN into this ASA. Now router2 sees our ASA as its external. So it sees our 208.12.*.* as the outgoing address and dest is 172.29.1.1 or .2.

I did a capture on the outside interface and I see the following. Now these caps are from the inside PCs accessing the website.

3000 packets captured

1: 15:03:38.176733 208.12.*.*.60404 > 172.29.1.2.443: P 2697372408:2697372444(36) ack 2813073572 win 64360

2: 15:03:38.179815 208.12.*.*.63637 > 172.29.1.2.443: P 3373326671:3373326705(34) ack 3255654279 win 64512

3: 15:03:38.179876 208.12.*.*.60404 > 172.29.1.2.443: P 2697372444:2697372480(36) ack 2813073572 win 64360

4: 15:03:38.180181 172.29.1.2.443 > 208.12.*.*.27133: . ack 838693750 win 65456

5: 15:03:38.180212 172.29.1.2.443 > 208.12.*.*.26920: P 1652457319:1652457373(54) ack 2226176804 win 65482

Can someone point me in the right direction on how I would get the VPN working so it too can connect to those websites?

6 Replies

Hi,

Did you try to do NONAT for the traffic from 172.0.1.0 going to 172.29.1.0

Something like this:-

access-list NONAT permit ip 172.0.1.0 255.255.255.0 172.29.1.0 255.255.255.0

nat (Inside) 0 access-list NONAT

I didn't think I needed to because it works from the local LAN to 172.29. It's only an issue when you VPN into the ASA.

Are you encrypting everything or split-tunneling on the VPN client?

Either way you need to make sure the VPN client knows about the remote site IP subnet - and allow intra-interface communications.

HTH>

It's encrypting everything.

I did same-security ... intra already and it didn't work.

I should then add the no NAT statement.

Will that mess anything up with the internal connection?

No - it will be an addition to an existing access-list.

HTH>
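The two suggestions above (NAT exemption plus intra-interface traffic) combined into one configuration, added here as an example rather than anything posted in the thread. It uses the pre-8.3 nat 0 syntax the reply uses and assumes the interface names Inside/outside and the VPN pool 172.0.1.248/29 from the original post; it also adds a point the thread does not spell out: a full-tunnel client's traffic enters and leaves on the outside interface, so the exemption must be bound to outside as well, and packet-tracer shows which rule the hairpinned flow actually hits.

```cisco
! Allow a flow that enters on outside to leave on outside
! (VPN client -> ASA -> router2 is an outside-to-outside "hairpin")
same-security-traffic permit intra-interface

! Exemption for the inside LAN to the remote site (as suggested in the reply)
access-list NONAT extended permit ip 172.0.1.0 255.255.255.0 172.29.1.0 255.255.255.0
nat (Inside) 0 access-list NONAT

! Exemption for the VPN client pool; nat (Inside) 0 never sees this traffic,
! because the decrypted client packets arrive on the outside interface
access-list NONAT_OUTSIDE extended permit ip 172.0.1.248 255.255.255.248 172.29.1.0 255.255.255.0
nat (outside) 0 access-list NONAT_OUTSIDE

! Check: simulate one client packet (172.0.1.249 is an assumed pool address)
! and confirm the NAT and route phases point at router2, not at a PAT rule
packet-tracer input outside tcp 172.0.1.249 1025 172.29.1.2 443
```

After the client connects, `show xlate | include 172.0.1.24` should show no translation for the pool addresses toward 172.29.1.0; if it does, the exemption is bound to the wrong interface.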

thanks

I will try it after 5 PM EDT when they close. thanks in advance if this resolves it

I'll post back.