VPN Site-Site issue via VPN client

Unanswered Question
Jun 21st, 2010


currently I need to connect to remote server via vpn client.

How can i procced with the below setup?


  VPN client ----> ASA ( <----site-site ---> ASA ( -----> Server (

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jennifer Halim Mon, 06/21/2010 - 21:40

Are you trying to remote access (VPN Client) to ASA (, then access resources off the Site-to-Site VPN tunnel on the server?

If that is what you are trying to do, you would need to configure the following:

- Add the remote access ip pool subnet as part of the crypto ACL in your site-to-site vpn crypto ACL

- Add the remote subnet ( subnet in your split tunnel ACL if you configure split tunnel policy for your remote access vpn client.

- Configure "same-security-traffic permit intra-interface" on the ASA.

- Assuming there is no NAT statement on the ASA outside interface, then you would only need to configure NAT exemption on the remote ASA for traffic between remote LAN subnet and ip pool subnet.

Hope that helps.


This Discussion