01-08-2010 01:36 AM
How can I configure my ASA to route between VPN clients?
This is necessary due to the need to use IPT between users at Home Office.
Regards,
nhj
01-08-2010 01:12 PM
What do you mean to route between VPN clients?
You want VPN clients to communicate to each other through the VPN tunnel?
01-08-2010 02:28 PM
Please elaborate what you are trying to accomplish.
Since you're saying you're going to run IPT (voice) I'm guessing you want this host-to-host communication due to how RTP works. This is not possible dynamically with IPsec and not at all with remote access VPN. DMVPN or GET is traditionally used for these scenarios, but the ASA does not support GRE.
01-11-2010 01:10 AM
I have an ASA FW which I have all my VPN clients logged into. They are all logged into servers centrally.
However my problem is that these users use Cisco IPT. Calling into the main office is working fine, also breakout to the city line.
But they cannot call each other. I have tested ping between clients and this is not working either.
So basically the problem is no IP connectivity between VPN clients.
Regards,
nhj
01-11-2010 08:01 AM
If you want to communicate among your clients, make sure that you have 3 things.
1.- Allow 'U' Turn with the following command: same-security-traffic permit intra-interface
2.- Have a static NAT translation (outside,outside)
3.- If you have split-tunnel configured, make sure that you are sending traffic destined for the pool network across the VPN Tunnel.
You can give that a try.
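The three steps in the reply above, written out as an ASA configuration fragment. This is an added example, not configuration posted by anyone in the thread. It assumes pre-8.3 NAT syntax (current when the thread was written), and the pool range, inside network and the names VPNPOOL, SPLIT_TUNNEL and RA_POLICY are constructed placeholders.

```cisco
! Constructed example values:
!   VPN client pool  10.10.10.0/24   (VPNPOOL)
!   inside network   192.168.1.0/24
!   group policy     RA_POLICY

! Address pool handed out to remote-access clients
ip local pool VPNPOOL 10.10.10.1-10.10.10.254 mask 255.255.255.0

! Step 1: allow traffic to enter and leave the same interface (hairpin / U-turn),
! so a packet from one client can be sent back out the outside interface
! toward another client
same-security-traffic permit intra-interface

! Step 2: identity static (outside,outside) for the pool, so client-to-client
! traffic has a translation when it hairpins on the outside interface
static (outside,outside) 10.10.10.0 10.10.10.0 netmask 255.255.255.0

! Step 3: if split tunneling is used, the tunneled network list must include
! the client pool itself, not only the inside network; otherwise a client
! sends traffic for another client's pool address out its local Internet
! link instead of into the tunnel
access-list SPLIT_TUNNEL standard permit 192.168.1.0 255.255.255.0
access-list SPLIT_TUNNEL standard permit 10.10.10.0 255.255.255.0

group-policy RA_POLICY attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL

! Checks after two clients are connected:
!   show vpn-sessiondb remote    (confirm each client's assigned pool address)
!   show xlate                   (confirm the outside,outside translation exists)
```

Enabling intra-interface traffic lets every client in the pool reach every other client, so any restriction on what clients may send to each other (for example, voice traffic only) has to be applied separately, such as with a VPN filter ACL on the group policy.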
01-11-2010 08:40 AM
As Kent said, you cannot make an RTP session between two VPN clients on the same device using IPsec remote client connection.....
I am just wondering, when you try PING connectivity between the two VPN clients, are you trying to reach the other VPN client by his real IP or by his assigned-VPN IP?