10-22-2008 12:58 AM - edited 02-21-2020 04:00 PM
We have an ASA 5510 which terminates remote VPN clients, both CVPN clients and hardware-based clients (Cisco IOS routers). How can we make it so that a CVPN client, when connected to the ASA, has access to the remote sites (through the ASA, hub-and-spoke) that are connected with hardware VPN clients (which work in auto mode with network extension)? Is it possible?
10-22-2008 01:18 AM
MUSTAFA,
You have to ensure that the VPN client IP Subnet is also part of the encryption domains to the remote sites.
Then you have to enable "same-security-traffic permit intra-interface"
HTH
10-22-2008 03:56 AM
We have an IP pool for CVPN clients: 192.168.254.0/24, but the hardware clients have their own LAN networks, for example 192.168.2.0/24, 192.168.3.0/24, etc. What must I do in this case?
10-22-2008 04:24 AM
The encryption domains must include 192.168.254.0/24 for it to be encrypted and decrypted from the remote sites.
Something like:
access-list vpn-site-a permit ip 192.168.254.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list vpn-site-b permit ip 192.168.254.0 255.255.255.0 192.168.3.0 255.255.255.0
HTH
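One way to audit the point made in the reply above, as an added example that is not from any poster in this thread: a Python check that every remote site has an access-list entry covering traffic from the client pool. The function names, the regex and the uncovered 192.168.4.0/24 site are assumptions constructed for illustration; the two ACL lines and the pool are the ones quoted in the thread.

```python
import ipaddress
import re

# Constructed sample: the two ACL lines quoted in the thread. The third site
# in REMOTE_SITES (192.168.4.0/24) is hypothetical and deliberately uncovered.
SAMPLE_CONFIG = """\
access-list vpn-site-a permit ip 192.168.254.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list vpn-site-b permit ip 192.168.254.0 255.255.255.0 192.168.3.0 255.255.255.0
"""
VPN_POOL = "192.168.254.0/24"
REMOTE_SITES = ["192.168.2.0/24", "192.168.3.0/24", "192.168.4.0/24"]

# Matches only the "permit ip <net> <mask> <net> <mask>" form used in the thread.
ACL_RE = re.compile(
    r"^access-list\s+(\S+)\s+(?:extended\s+)?permit\s+ip\s+"
    r"(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+"
    r"(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s*$"
)

def parse_acls(config):
    """Return (name, src_net, dst_net) for each matching permit line."""
    entries = []
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if not m:
            continue  # 'any', 'host' and object-group forms are skipped
        name, src, smask, dst, dmask = m.groups()
        entries.append((name,
                        ipaddress.ip_network(f"{src}/{smask}"),
                        ipaddress.ip_network(f"{dst}/{dmask}")))
    return entries

def coverage(config, pool, sites):
    """Map each remote site to the ACL names that cover pool -> site."""
    pool_net = ipaddress.ip_network(pool)
    entries = parse_acls(config)
    result = {}
    for site in sites:
        site_net = ipaddress.ip_network(site)
        result[site] = [name for name, src, dst in entries
                        if pool_net.subnet_of(src) and site_net.subnet_of(dst)]
    return result

def missing_sites(config, pool, sites):
    """Sites with no entry that includes the client pool as source."""
    return [s for s, acls in coverage(config, pool, sites).items() if not acls]

if __name__ == "__main__":
    for site, acls in coverage(SAMPLE_CONFIG, VPN_POOL, REMOTE_SITES).items():
        print(site, "->", ", ".join(acls) if acls else "NOT COVERED")
```

A site reported as not covered is one the pool cannot reach through the hub until a matching entry is added.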
10-22-2008 05:01 AM
Also make sure that all the (no)nat rules are correctly in place. I've created a similar solution once for a customer and had some difficulties with that.