Roting between VPN clients.

nhjorgensen · ‎01-08-2010

How can I configure my ASA to route between VPN clients.

This is necessary due to the need to use IPT between users at Home Office.

Regards,

nhj

Federico Coto Fajardo · ‎01-08-2010

What do you mean to route between VPN clients?

You want VPN clients to communicate to each other through the VPN tunnel?

Kent Heide · ‎01-08-2010

Please elaborate what you are trying to accomplish.

Since you're saying you're going to run IPT (voice) I'm guessing you want this host to host communication due to how RTP works. This is not possible dynamically with Ipsec and not at all with remote access vpn. DMVPN or GET is traditionally used for these scenarios, but the ASA does not support GRE.

nhjorgensen · ‎01-11-2010

I have a ASA FW which I have all my VPN clients logged into. They are all logged into servers centrally.

However my problem is that these users use Cisco IPT. Calling into the main office is working fine, also breakout to the city line.

But they cannot call each other. I have tested ping between clients and this is not working either.

So basicly the problem is no IP connectivity between VPN clients.

Regards,

nhj

yamramos.tueme · ‎01-11-2010

If you want to communicate among your clients, make sure that you have 3 things.

1.- Allow 'U' Turn with the following command: same-security-traffic permit intra-interface

2.- Have a static NAT translation (outside,outside)

3.- If you have split-tunnel configured, make sure that you are sending traffic destined for the pool network accross the VPN Tunnel.

You can give that a try.

Federico Coto Fajardo · ‎01-11-2010

As Kent said, you cannot make an RTP session between two VPN clients on the same device using IPsec remote client connection.....

I am just wondering, when you try PING connectivity between the two VPN clients, are you trying to reach the other VPN client by his real IP or by his assigned-VPN IP?