03-12-2010 06:51 AM - edited 02-21-2020 04:32 PM
I have connected a remote office using an ASA 5505 to the main office, which uses an NSA 3500 Sonic Firewall. I was able to bring up the site-to-site VPN and can ping clients on each end. I was also looking at configuring VPN client access for employees who travel. The remote office behind the ASA has a backup domain controller to store the profiles, but the Exchange server is at the main office behind the Sonic Firewall. If I connect a VPN client to the ASA (remote office), the employees can pull their profile; however, they can't access the Exchange server. If they connect to the Sonic Firewall, then they can't pull their profiles. People at the main office and remote office have no problem accessing resources.
VPN Client (on the road) --> ASA 5505 (remote office) --> (site-to-site connection)--> Sonic Firewall (main office) --> exchange server
I can ping vpn client to ASA.
I can't ping the exchange server.
People at the remote office can access everything at the main office and vice versa.
Would this be correct behavior?
03-17-2010 03:31 AM
To access HQ when you are connected to ASA 5505 via VPN Client, you would need to configure the following:
- The crypto ACL on the LAN-to-LAN tunnel between the ASA and SonicWall should include the VPN Client IP Pool, i.e.:
++ On the ASA, crypto ACL on the LAN-to-LAN tunnel: access-list
++ On SonicWall, crypto ACL on the LAN-to-LAN tunnel: reverse of the above: access-list
- The ASA should include "same-security-traffic permit intra-interface" to allow traffic in and out of the outside interface.
- If you configure split tunnel for the VPN Client connection, remember to include the SonicWall subnet in your split tunnel list.
- On SonicWall, you would need to configure NAT exemption for traffic from the SonicWall subnet towards the ASA VPN Client IP Pool subnet.
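The ASA side of the steps in the reply above, written out as an added example that is not part of the original reply. Every subnet, ACL name, crypto map name and sequence number, and group-policy name is a constructed placeholder; substitute the values from the existing tunnel and remote-access configuration.

```cisco
! Constructed addressing (assumptions, not taken from the thread):
!   remote office LAN behind the ASA     192.168.10.0/24
!   main office LAN behind the SonicWall 192.168.20.0/24
!   VPN client IP pool on the ASA        192.168.50.0/24
!
! Crypto ACL for the LAN-to-LAN tunnel. The first entry is the existing
! office-to-office traffic; the second adds the VPN client pool so that
! client traffic to the main office is also encrypted into the tunnel.
access-list L2L_SONICWALL extended permit ip 192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list L2L_SONICWALL extended permit ip 192.168.50.0 255.255.255.0 192.168.20.0 255.255.255.0
!
! The ACL must be the one the tunnel's crypto map entry matches on.
crypto map OUTSIDE_MAP 10 match address L2L_SONICWALL
!
! Client traffic arrives on the outside interface and leaves on the same
! interface toward the SonicWall, so intra-interface traffic must be allowed.
same-security-traffic permit intra-interface
!
! Split tunnel list for the VPN clients: only these networks are sent
! through the client tunnel. The main office subnet has to be listed,
! otherwise the client never sends Exchange traffic to the ASA.
access-list SPLIT_TUNNEL standard permit 192.168.10.0 255.255.255.0
access-list SPLIT_TUNNEL standard permit 192.168.20.0 255.255.255.0
group-policy ROADWARRIOR attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL
```

With these placeholders, the SonicWall side would need the mirrored selector (192.168.20.0/24 to 192.168.50.0/24) on its tunnel and a NAT exemption for the same traffic, as the last step of the reply describes.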