Access site-site vpn via remote vpn

Jul 14th, 2009

Hi guys,

I'm using an ASA 5510 with a few branches connected via site-to-site VPN.

When I remote VPN into the HQ network, I can't access my branch networks.

How can I configure it so that I can access them via remote VPN?

Please advise. Thanks

megatron Tue, 07/14/2009 - 08:09

Thanks for the reply.

From my ASA, the remote site is connected via an 877 router.

For example, my VPN client IP address is 192.168.1.0/24

HQ 192.168.2.0/24

Branch 192.168.3.0/24

After reading through the forum solution,

the way out is like adding another network to my 877 router to allow access from the VPN client pool network and also including tunneling of 192.168.3.0 on my ASA.

But this doesn't seem to work, and I tried rebooting my 877.

Is there any important step that I missed?

Please enlighten. Thanks

JORGE RODRIGUEZ Tue, 07/14/2009 - 09:43

OK, you have

ASA->L2L<-877RT

The RA VPN terminates on the ASA, right? If so,

you add, in the nonat rule at 877RT for the L2L, the ASA RA VPN pool network as interesting traffic to be part of the L2L policy.

When RA VPN clients connect to the ASA, as long as the L2L is up, RA VPN clients should be able to access resources in the 877RT LAN.

You may also need the same-security-traffic permit intra-interface command on the ASA.

Please correct me if I'm thinking of your topology wrong.

Regards
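
A configuration sketch of what the reply above describes, added here as an example and not part of the original thread. It uses the subnets given in the thread (RA pool 192.168.1.0/24, HQ 192.168.2.0/24, branch 192.168.3.0/24); the ACL and group-policy names are hypothetical, and it assumes ASA 8.0-era syntax with the L2L crypto map and RA group policy already in place.

```cisco
! ===== ASA 5510 (HQ) =====
! Let traffic enter and leave the same (outside) interface, so RA VPN
! clients can hairpin into the L2L tunnel.
same-security-traffic permit intra-interface
!
! Crypto ACL for the L2L tunnel to the 877 (ACL name is hypothetical;
! reference it from the existing crypto map entry with "match address").
access-list L2L-BRANCH extended permit ip 192.168.2.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list L2L-BRANCH extended permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0
!
! Only if the RA group uses split tunneling (assumption): the branch
! subnet must be in the split-tunnel list or clients never send it.
access-list RA-SPLIT standard permit 192.168.2.0 255.255.255.0
access-list RA-SPLIT standard permit 192.168.3.0 255.255.255.0
group-policy RA-POLICY attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value RA-SPLIT
!
! ===== 877 router (branch) =====
! Crypto ACL: mirror image of the ASA's L2L-BRANCH entries
! (ACL name is hypothetical; bind it with "match address").
ip access-list extended CRYPTO-TO-HQ
 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
!
! NAT exemption ("nonat"): deny tunnel-bound traffic in the ACL that
! selects traffic for NAT overload, before the final permit
! (ACL name is hypothetical).
ip access-list extended NAT-OVERLOAD
 deny   ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
 deny   ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
 permit ip 192.168.3.0 0.0.0.255 any
```

Once both ends carry the new entries, `show crypto ipsec sa` on either device should list a security association for 192.168.1.0/24 and 192.168.3.0/24 whose encaps and decaps counters increase while an RA client pings a branch host.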
