10-27-2009 09:51 AM - edited 03-11-2019 09:32 AM
Hi all
I have an L2L VPN between an ASA 5510 and a PIX 515 running fine.
I also have a RA VPN running on the ASA 5510.
What I would like to do is: have people dial in to the ASA and get an IP from the VPN pool 192.168.10.0/24 and then access web services sitting behind the remote location's PIX (192.168.3.0/24).
So far, I've added a static route (192.168.10.0/24, which is the subnet assigned to the RA users) to go through the outside interface, e.g. route outside 192.168.10.0 255.255.255.0 81.xxx.xxx.xxx
I've also added the following to the ACL which protects the L2L VPN:
access-list acl_l2l_vpn permit ip 192.168.10.0 255.255.255.0 192.168.3.0 255.255.255.0
I've done the same but with the IPs reversed on the PIX.
grateful for your replies
thanks
10-27-2009 10:36 AM
You will also need this on the ASA:
same-security-traffic permit intra-interface
And did you add the traffic to the nat0 ACL on the PIX end?
e.g.
access-list nat0 permit ip 192.168.3.0 255.255.255.0 192.168.10.0 255.255.255.0
11-02-2009 01:26 AM
hi,
Can you please explain why I would need the "same-security-traffic permit intra-interface" command?
And yes, I have added the subnets to the no-NAT statements on both the ASA and the PIX.
thanks
01-06-2010 07:18 AM
Hi
Just to update this: this was sorted by adding the RA subnet to the split tunnel ACL.
01-06-2010 08:43 AM
The `same-security-traffic permit intra-interface` allows traffic to pass out the same interface which it arrived on.
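Pulling the pieces from this thread together, as an added illustration that is not the poster's configuration: an ASA 5510 hairpin setup (pre-8.3 NAT syntax, matching the 2009 thread) in which RA clients landing on the outside interface are sent back out the same interface through the L2L tunnel to the LAN behind the PIX. Pool, ACL and group-policy names are assumptions; the split-tunnel list carries the remote PIX subnet, which is how I read the final post's fix.

```text
! ASA 5510 side. Constructed example; names are assumptions, not the poster's config.

! 1. Allow a flow that entered on "outside" (the RA client) to leave via "outside"
!    again (the L2L tunnel). Without this the ASA drops the hairpinned traffic.
same-security-traffic permit intra-interface

! 2. Address pool handed out to RA users (the 192.168.10.0/24 from the thread).
ip local pool RA_POOL 192.168.10.1-192.168.10.254 mask 255.255.255.0

! 3. NAT exemption for the hairpinned flow. Both ends of this flow sit on "outside",
!    so the exemption is applied to the outside interface, not inside.
access-list nat0_outside extended permit ip 192.168.10.0 255.255.255.0 192.168.3.0 255.255.255.0
nat (outside) 0 access-list nat0_outside

! 4. Crypto ACL for the L2L tunnel must list the RA pool as interesting traffic
!    (the PIX end carries the mirror image, 192.168.3.0/24 -> 192.168.10.0/24,
!    in both its crypto ACL and its nat0 ACL, as the second post notes).
access-list acl_l2l_vpn extended permit ip 192.168.10.0 255.255.255.0 192.168.3.0 255.255.255.0

! 5. Split-tunnel list for the RA group. The client only encrypts destinations
!    listed here; if 192.168.3.0/24 is missing, the client sends it in the clear
!    via its local default route and the packet never reaches the ASA at all.
access-list RA_SPLIT standard permit 192.168.3.0 255.255.255.0
group-policy RA_POLICY attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value RA_SPLIT
```

A quick check on the ASA after a client connects: `show crypto ipsec sa` should show the 192.168.10.0/24 to 192.168.3.0/24 proxy identity with encaps/decaps counters incrementing.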