Access site-site vpn via remote vpn

Unanswered Question
Jul 14th, 2009
User Badges:

Hi guys,

I'm using asa 5510 with a few branches connected via site-site vpn.

When remote vpn into HQ network, i can't access to my branches network.

How can i configure in order for me to access them via remote vpn?

Please advice. Thanks

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
megatron Tue, 07/14/2009 - 08:09
User Badges:

Thanks for the reply.

from my asa to remote site is connected via 877 router.

For example, my VPN client ip address is



After reading thru the forum solution,

the way out is like adding another network to my 877 router to allow access from vpn client pool network and also include tunneling of on my asa.

But these doesn't seems to work and i tried rebooting my 877.

Is there any impt step that i miss out?

Please alighten. Thanks

JORGE RODRIGUEZ Tue, 07/14/2009 - 09:43
User Badges:
  • Green, 3000 points or more

Ok you have


VPN RA terminates in ASA right? if so

you add in nonat rule at 877RT for the L2L the ASA RA vpn pool network as interesting traffic to be part of the L2L policy.

When RA vpn clients connect to ASA as long the L2L is UP RA VPN clients should be able to access resources in 877RT LAN.

You may also need same security trafic permit intra interface command in asa.

PLS correct me if im thinking of your topology wrong.



This Discussion