I have an ASA configured for SSL VPN for remote access, and also an IPSec tunnel between the ASA and another site. The SSL VPN works fine, and I am able to access everything at the ASA site. The IPSec tunnel is also working and I am able to communicate between the two sites.
My issue is that SSL VPN users cannot access the second site through the IPSec tunnel. Hairpinning is working to some extent, and the SSL VPN users are able to route their internet traffic over the link and go out over the ASA internet connection.
The second site's IPSec tunnel is terminated on an IOS router. Looking at the IPSec stats, I can see packets being encrypted for the SSL user subnet, but not decrypted when I ping an address. The ASA does not seem to forward the packet from the SSL tunnel back over the IPSec tunnel.
Yes, the SSL client is tunneling the second site's subnet, and I can see the packets being encrypted on those stats.
Before I spend too much time on this, should this design work? The ASA is running 8.04.