L2L vpn

Unanswered Question

I have a small remote office that is only connected back to HQ with a Site to Site VPN connection, both sites running ASAs. The connectivity works fine and there really aren't any problems. My issue is when I'm on the remote ASA and I try to upload the config (or download an update) from my machine using the local address (in HQ), it does not connect. I see the ASA on the remote site attempting to make a connection to my local IP through its public interface, so it's not even trying to use the VPN tunnel. I can ping my machine from the remote ASA if I source the ping from the internal interface.

How can I make the TFTP transfer work in this situation?

cisco24x7 Thu, 02/05/2009 - 08:35

Because the "outside" IP address of the remote ASA is NOT part of the "encryption domain". In order to make it work, you have to make the "outside" IP address of the remote ASA part of the encryption domain as well.
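Added example, not part of the original reply: a configuration sketch of what the answer describes, with the remote ASA's outside address added to the crypto ACL on both peers so that TFTP sourced from the box itself is encrypted. All addresses and the ACL names `L2L_CRYPTO` and `NONAT` are constructed placeholders, and the NAT exemption assumes pre-8.3 ASA syntax and that HQ translates inside traffic.

```cisco
! Constructed addressing used in this example:
!   HQ ASA outside:      198.51.100.1    HQ LAN:     10.1.0.0/24
!   Remote ASA outside:  203.0.113.10    Remote LAN: 10.2.0.0/24
!   Admin workstation running the TFTP server at HQ: 10.1.0.50

! ---------- Remote-office ASA ----------
! Existing LAN-to-LAN entry (already matched by the crypto map)
access-list L2L_CRYPTO extended permit ip 10.2.0.0 255.255.255.0 10.1.0.0 255.255.255.0
! Added entry: traffic the ASA sources from its own outside IP.
! Scoped to the single TFTP host instead of the whole HQ LAN.
access-list L2L_CRYPTO extended permit ip host 203.0.113.10 host 10.1.0.50

! ---------- HQ ASA ----------
! The crypto ACL must be an exact mirror, otherwise the proxy
! identities do not match and the new phase 2 SA is not built.
access-list L2L_CRYPTO extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list L2L_CRYPTO extended permit ip host 10.1.0.50 host 203.0.113.10
! Exempt the return traffic from NAT (pre-8.3 syntax, assumption)
access-list NONAT extended permit ip host 10.1.0.50 host 203.0.113.10
nat (inside) 0 access-list NONAT

! ---------- Verification, run on the remote ASA ----------
! Start the transfer, then confirm a new SA exists for the
! 203.0.113.10 <-> 10.1.0.50 pair and its encaps counter increases.
copy running-config tftp://10.1.0.50/remote-asa.cfg
show crypto ipsec sa peer 198.51.100.1
```

If the encaps counter for that pair stays at zero, the TFTP session is still leaving the outside interface unencrypted and the two ACLs should be compared entry by entry.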

