10-05-2009 06:43 AM - edited 02-21-2020 03:43 AM
Hi, only for testing purposes, we need to enable remote access for a client on the inside LAN, toward the inside ASA IP interface.
Traffic should be encrypted to the inside ASA IP and should come out decrypted from the same interface.
How to? (same-security-traffic enabled, and crypto isakmp and crypto ipsec enabled on the inside interface.)
Thanks
10-08-2009 01:55 PM
If the destination network is on the inside, and that is where your routing points, it should work. You said you have crypto ipsec enabled; I am assuming you meant the crypto map is enabled on the inside?
Check your routing, and do packet captures to see what is going on with the traffic. Does the ESP packet make it to the ASA, and what happens when the decrypted packet has to go out - which interface does it go out, and if it leaves that way or not. Packet captures are your friend.
PS. If you found this post helpful, please rate it.
10-13-2009 10:10 AM
Renato
I have set up Remote Access VPN on ASA and for testing purposes I have enabled VPN connections on both the inside and outside interfaces. It is working fine for me. Have you enabled same-security-traffic intra-interface?
HTH
Rick
10-13-2009 11:08 AM
Hi, during my test I enabled same-security-traffic intra-interface, but after the test I disabled it, because it's a global command, for all interfaces.
Have you enabled IP pool assignment for the VPN client in your test?
Thank you
10-23-2009 02:01 PM
Renato
Yes, I enabled IP pool assignment for VPN client users. It works fine.
HTH
Rick