VPN Client -> ASA1 <-l2l Tunnel-> ASA2 -> Service won't work?

mamuehei
Level 1

Hi,

I spent a lot of time on this problem, but I didn't find a working configuration. It looks so simple, but nothing seems to work.

We have a Site 2 Site tunnel established between two ASA 5505s. A terminal server is located in the network "ASA2, 192.168.33.0/24".

A road warrior VPN user connects to the "ASA1, 192.168.0.0/24" network using the Cisco VPN Client. He is able to connect to services in his network, but not to services which are located in network ASA2. The logfile is clean, no drops.

The client statistics show both networks as secured routes.

Am I blind to the solution, or is it not possible?

Does anyone have a hint for me?

Best Regards,

Markus

Accepted Solutions

andrew.prince
Level 10

Sounds like you need to configure 192.168.0.0/24 as part of the encryption domain for the L2L tunnel between ASA 1 and ASA2.

You need to configure the road warrior user to also encrypt traffic to the ASA2 network.

You need to enable same security intra-interface communication, so traffic can enter ASA 1, then leave ASA 1 to ASA 2 on the same outside interface.

HTH
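
The three steps from the reply above, as an added configuration sketch that is not part of the original post. The client pool 10.10.10.0/24 and every ACL, crypto map and group-policy name are assumptions; 192.168.0.0/24 and 192.168.33.0/24 are the networks from the thread.

```cisco
! Assumed (not from the thread): client pool 10.10.10.0/24, ACL names
! L2L-TO-ASA2 / L2L-TO-ASA1 / RA-SPLIT, crypto map OUTSIDE-MAP sequence 10,
! group-policy RA-POLICY. Substitute the names already in your configs.

! ---- ASA1 ----
! 1. Let traffic enter and leave the same (outside) interface (hairpin).
same-security-traffic permit intra-interface

! 2. Put the client pool into the L2L encryption domain toward ASA2.
access-list L2L-TO-ASA2 extended permit ip 192.168.0.0 255.255.255.0 192.168.33.0 255.255.255.0
access-list L2L-TO-ASA2 extended permit ip 10.10.10.0 255.255.255.0 192.168.33.0 255.255.255.0
crypto map OUTSIDE-MAP 10 match address L2L-TO-ASA2

! 3. Have the VPN client encrypt traffic for the ASA2 network as well.
access-list RA-SPLIT standard permit 192.168.0.0 255.255.255.0
access-list RA-SPLIT standard permit 192.168.33.0 255.255.255.0
group-policy RA-POLICY attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value RA-SPLIT

! ---- ASA2 ----
! Mirror the encryption domain so replies to the pool go back into the tunnel.
access-list L2L-TO-ASA1 extended permit ip 192.168.33.0 255.255.255.0 192.168.0.0 255.255.255.0
access-list L2L-TO-ASA1 extended permit ip 192.168.33.0 255.255.255.0 10.10.10.0 255.255.255.0
crypto map OUTSIDE-MAP 10 match address L2L-TO-ASA1

! NAT on ASA2 (and any outside NAT on ASA1) must not translate traffic
! between the pool and 192.168.33.0/24. The exemption syntax depends on the
! ASA software version, which the thread does not state, so it is omitted.
```

Once applied, `show crypto ipsec sa` on either ASA should list a separate security association whose selectors are the client pool and 192.168.33.0/24; if it is missing, the two crypto ACLs are not exact mirrors of each other.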


ajagadee
Cisco Employee

Markus,

Please refer to the URL below for configuration details. Even though the example below is for VPN Client to Internet through the ASA, you could apply the same concept for the traffic from the VPN Client to the remote ASA where the terminal servers are located.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00805734ae.shtml

Regards,

Arul

*Pls rate if it helps*


Thanks a lot, didn't see the wood for the trees.