VPN from within the network I need to connect to

westernmotor
Level 1

I have a local office here that I have deployed a Cisco ASA 5505 device. To enable remote access for employees, I have enabled VPN access using an AAA server that authenticates requests from the Cisco VPN clients on the router. The remote employees have laptops that are not members of the domain, so to gain domain access they utilize the VPN connection that authenticates their account against Active Directory. The problem I'm having is that when these remote employees are actually in the office using the network they have to connect to when working remotely, they have to use VPN to authenticate them to the local servers. Do I have to make an adjustment to the outbound security policies on the router to allow VPN connections to connect to the outside interface from within the same network?

3 Replies

Ivan Martinon
Level 7

Correct me if I am wrong, when they are on the Corporate Office they still need to authenticate to the Domain to gain access to these servers? If this with a computer that does not belong to the domain as well?

That is correct. The partners in this business primarily work out of their homes in different cities. Their laptops are not members of the domain since they are rarely here. They authenticate to the domain for file sharing and email by tunneling in through VPN. On the rare occasion that they are actually in town and working from the office, they need to have the ability to establish a tunnel from within the network to authenticate them to the domain. So, what happens is the tunnel request needs to go outside of the network and then come back in to reach the outside interface and establish a VPN tunnel on the ASA. As it is now, if they attempt a connection from within the network, they get an error that the server is not responding. I'm assuming it's due to a missing ACL on the router. Hopefully this makes sense.

OK, understood. With your current setup, having the VPN configured on the outside interface, this won't work. You will need to apply the same crypto map that you have applied to the outside to the inside interface as well, and enable ISAKMP on the inside interface too. But it does not end there: you also need to enable the command "same-security-traffic permit intra-interface".
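The three steps from the reply above, written out as an ASA 5505 configuration fragment. This is an added example, not configuration posted by either participant. The crypto map name (outside_map), the dynamic map and transform set names, the ISAKMP policy number, and the interface names (outside, inside) are assumed; substitute the names already in use on the ASA. The existing outside-interface lines are included only so the added inside-interface lines can be read in context.

```cisco
! Added example (not from the thread). Assumed names: crypto map "outside_map",
! dynamic map "dyn_map", transform set "ESP-AES-SHA", interfaces "outside"/"inside".

! Existing remote-access setup terminating on the outside interface (assumed to already be present)
crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac
crypto dynamic-map dyn_map 10 set transform-set ESP-AES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400

! Step 1: bind the same crypto map to the inside interface
crypto map outside_map interface inside

! Step 2: enable ISAKMP on the inside interface
crypto isakmp enable inside

! Step 3: allow a client's traffic to enter and leave the inside interface (hairpinning),
! since the tunnel now terminates on the same interface the servers sit behind
same-security-traffic permit intra-interface

! Verification once a laptop on the LAN has connected
show crypto isakmp sa
show vpn-sessiondb remote
```

With the map bound to the inside interface, the client on the LAN is assumed to point at the inside interface address (or at a hostname that resolves to it from inside) rather than the public address, because the request no longer has to leave the network and return. The two show commands confirm that the Phase 1 SA formed on the inside interface and that the remote-access session is up, which is the quickest way to tell whether the "server is not responding" error has gone away.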
