remote-access vpn for client on inside ASA interface

Unanswered Question
Oct 5th, 2009

Hi, only for testing purpose, we need to enable remote-access for a client on inside lan, toward inside ASA IP interface.

Traffic should be encrypted to the inside ASA IP and should come out decrypted from the same interface.

How to ? (same-security-traffic enabled, and crypto isakmp and crypto ipsec enabled on inside interface).


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
auraza Thu, 10/08/2009 - 13:55

If the destination network is on the inside, and that is where your routing points, it should work. You said you have crypto ipsec enabled, I am assuming you meant the crypto map is enabled on the inside?

Check your routing, and do packet captures to see what is going on with the traffic. Does the ESP packet make it to the ASA, and what happens when the decrypted packet has to go out - which interface does it go out, and if it leaves that way or not. Packet captures are your friend.

PS. If you found this post helpful, please rate it.

Richard Burts Tue, 10/13/2009 - 10:10


I have set up Remote Access VPN on ASA and for testing purposes I have enabled VPN connections on both the inside and outside interfaces. It is working fine for me. Have you enabled same-security-traffic intra-interface?



r.spiandorello Tue, 10/13/2009 - 11:08

Hi, during my test I enabled same-security-traffic intra-interface, but after test I disabled it, because it's a global command, for all interfaces.

Have you enabled ip pool assignment for vpn client in your test ?

thank you

Richard Burts Fri, 10/23/2009 - 14:01


Yes I enabled ip pool assignment for vpn client users. It works fine.




This Discussion