
Remote access and site to site on the same ASA

jhankin
Level 1

I am using an ASA 5510 for both remote access and site to site VPN. Is there a way for the remote access clients to access the remote sites via the site to site tunnels? I have included the IP address range of the remote access clients in the crypto maps for the site to site tunnels but their traffic appears to be blocked. I suppose I could set up a second ASA to handle just the remote access users but I would prefer to avoid the expense if possible.

Thanks


DialerString_2
Level 3

Are the ACLs configured correctly, and are you permitting the traffic on the remote end? You won't need that second ASA; I have this setup in my network now. Are you using RRI (reverse route injection) for the site to site?

The ACLs appear to be working fine. I am passing IP traffic for all of the configured subnets with the exception of the remote access subnet. I have both ends of the tunnel configured with the RA subnet in the crypto map. I am not using reverse route injection. Actually I am not at all familiar with it. Do you think this is where I should start looking?

Thanks

RRI only injects a static route in the ASA routing table and removes it when the tunnel is down.

Can you provide a show run access-list, show run nat, sh run crypto and a sh run tunnel?

Can you paste the acl from the other side?

I have attached the output of the show commands as a text file.

Thanks

Where is your pool of addresses for:

address-pool RemoteAccPool

Your dynamic-map sequence number should always be higher than the static crypto maps.

You may want to start them at 6000; you can have up to 65535, and the number is optional.
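As an added example (not part of the thread and not the poster's configuration), this Python script checks a pasted ASA configuration for the sequence-number rule stated above and for the remote access pool in each site-to-site crypto ACL. The sample configuration, the map and ACL names, and the 172.25.25.0/24 pool prefix are constructed assumptions; it also assumes a single crypto map and ACL entries written in network/mask form.

```python
import ipaddress
import re

# Constructed sample, not the configuration attached in the thread.
SAMPLE = """\
access-list s2s_siteA extended permit ip 10.1.0.0 255.255.0.0 10.2.0.0 255.255.0.0
access-list s2s_siteA extended permit ip 172.25.25.0 255.255.255.0 10.2.0.0 255.255.0.0
access-list s2s_siteB extended permit ip 10.1.0.0 255.255.0.0 10.3.0.0 255.255.0.0
crypto map outside_map 10 match address s2s_siteA
crypto map outside_map 10 set peer 192.0.2.10
crypto map outside_map 15 ipsec-isakmp dynamic ra_dyn
crypto map outside_map 20 match address s2s_siteB
crypto map outside_map 20 set peer 192.0.2.20
"""

STATIC = re.compile(r"crypto map \S+ (\d+) match address (\S+)")
DYNAMIC = re.compile(r"crypto map \S+ (\d+) ipsec-isakmp dynamic (\S+)")
ACL = re.compile(r"access-list (\S+) extended permit ip (\S+) (\S+) ")

def audit(config, pool):
    """Return findings for crypto map ordering and RA pool coverage."""
    pool_net = ipaddress.ip_network(pool)
    static, dynamic, acls = {}, {}, {}
    for line in config.splitlines():
        line = line.strip()
        if m := STATIC.match(line):
            static[int(m[1])] = m[2]
        elif m := DYNAMIC.match(line):
            dynamic[int(m[1])] = m[2]
        elif m := ACL.match(line):
            try:  # source given as "network mask"; other forms are skipped
                net = ipaddress.ip_network(f"{m[2]}/{m[3]}")
            except ValueError:
                continue
            acls.setdefault(m[1], []).append(net)
    findings = []
    # Ordering rule from the thread: dynamic entries sit above every static one.
    for dseq, dname in sorted(dynamic.items()):
        later = sorted(s for s in static if s > dseq)
        if later:
            findings.append(f"dynamic map {dname} (seq {dseq}) precedes static seq {later}")
    # Each site-to-site crypto ACL needs a source entry covering the RA pool.
    for seq, acl in sorted(static.items()):
        if not any(pool_net.subnet_of(n) for n in acls.get(acl, [])):
            findings.append(f"seq {seq}: ACL {acl} has no source covering {pool_net}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, "172.25.25.0/24"):
        print(finding)
```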

The pool of addresses for remote access is 172.25.25.1 to 172.25.25.254. This is the address pool referred to by RemoteAccPool. I have confirmed that this range of addresses is in the ACLs on both ends of the tunnel. This is where I first started looking when the traffic would not pass once the tunnel was established.

Thanks
