Clientless SSL VPN - Can it access other site-to-site VPN networks?

Unanswered Question
Jul 13th, 2009

Hello,

We currently have an ASA 5510 at one of our sites with about 3 other site-to-site VPNs connected to it for all our branch offices. I set up the Clientless SSL VPN (WebVPN) and I can access everything on the local network that the ASA is attached to. Is there any way to access the other end of the site-to-site VPN tunnels through the Clientless SSL VPN?

I have it set up so that the SSL VPN (AnyConnect) and the older Cisco IPSec clients can access the other end of the site-to-site tunnels. The only reason I need to configure the Clientless SSL VPN is that we have some remote users who need to access various servers all over our entire network from their home PCs.

Any ideas?

Thank you,

Will Cada

jbayuka Fri, 07/17/2009 - 05:41

You can access the other end of the site-to-site VPN tunnels through the Clientless SSL VPN. Make sure that all sites have connectivity between each other.

r.broschinski Wed, 08/12/2009 - 03:48

Did anyone get his setup working? I did this in a lab and it was not possible to access the remote location over the VPN tunnel through clientless SSL because of routing. The clientless traffic was not encrypted and was sent directly via the ASA outside interface.

auraza Thu, 10/08/2009 - 13:58

In your crypto ACLs for the site-to-site tunnels, add the ASA's public IP destined to the remote network, and mirror this ACL on the remote end VPN device.

Example:

ASA public IP: 2.2.2.2

Remote network: 192.168.1.0/24

access-list vpn_to_remote_network permit ip host 2.2.2.2 192.168.1.0 255.255.255.0

Mirror the above ACL on the remote end router.

PS. If you found this post helpful, please rate it.
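As an added example (not part of the original post), the following Python sketch checks that the crypto ACLs on the two tunnel endpoints are mirrors of each other, which catches the case above where the entry for the ASA's public IP was added on one side only. The sample configs, the 10.0.0.0/24 local LAN and the remote ACL name vpn_to_hq are constructed, and both ends are assumed to use ASA-style netmask syntax (an IOS router uses wildcard masks, which would need converting first).

```python
import ipaddress

# Constructed sample configs; only 2.2.2.2, 192.168.1.0/24 and the local ACL name are from the post.
LOCAL_CFG = """
access-list vpn_to_remote_network permit ip 10.0.0.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list vpn_to_remote_network permit ip host 2.2.2.2 192.168.1.0 255.255.255.0
"""
REMOTE_CFG = """
access-list vpn_to_hq extended permit ip 192.168.1.0 255.255.255.0 10.0.0.0 255.255.255.0
"""

def _take_addr(tokens):
    """Consume one ASA address spec: 'host A', 'any', or 'NET MASK'."""
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    if tokens[0] in ("any", "any4"):
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}"), tokens[2:]

def parse_crypto_acl(config, acl_name):
    """Return the set of (source, destination) networks permitted by acl_name."""
    pairs = set()
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 5 or tok[0] != "access-list" or tok[1] != acl_name:
            continue
        rest = tok[3:] if tok[2] == "extended" else tok[2:]
        if rest[:2] != ["permit", "ip"]:
            continue  # remarks, denies and non-IP entries are ignored in this sketch
        src, rest = _take_addr(rest[2:])
        dst, _ = _take_addr(rest)
        pairs.add((src, dst))
    return pairs

def mirror_gaps(local_pairs, remote_pairs):
    """Return (entries lacking a mirror on the remote, entries lacking one locally)."""
    on_remote = {(s, d) for s, d in local_pairs if (d, s) not in remote_pairs}
    on_local = {(s, d) for s, d in remote_pairs if (d, s) not in local_pairs}
    return on_remote, on_local

if __name__ == "__main__":
    local = parse_crypto_acl(LOCAL_CFG, "vpn_to_remote_network")
    remote = parse_crypto_acl(REMOTE_CFG, "vpn_to_hq")
    for src, dst in mirror_gaps(local, remote)[0]:
        print(f"remote end has no mirror for: {src} -> {dst}")
```

With the constructed configs, the only gap reported is the host 2.2.2.2 entry, since the remote side has no matching entry from 192.168.1.0/24 back to the ASA's public IP.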
