VPN Site-Site issue via VPN client

megatron
Level 1

Hi,

Currently I need to connect to a remote server via VPN client.

How can I proceed with the setup below?

Thanks

  VPN client ----> ASA (192.168.1.1) <----site-site ---> ASA (192.168.2.1) -----> Server (192.168.2.100)

1 Reply

Jennifer Halim
Cisco Employee

Are you trying to remote access (VPN Client) to ASA (192.168.1.1), then access resources off the Site-to-Site VPN tunnel on the 192.168.2.100 server?

If that is what you are trying to do, you would need to configure the following:

- Add the remote access IP pool subnet as part of your site-to-site VPN crypto ACL.

- Add the remote subnet (192.168.2.0/24) in your split tunnel ACL if you configure split tunnel policy for your remote access VPN client.

- Configure "same-security-traffic permit intra-interface" on the 192.168.1.1 ASA.

- Assuming there is no NAT statement on the 192.168.1.1 ASA outside interface, then you would only need to configure NAT exemption on the remote ASA for traffic between remote LAN subnet and IP pool subnet.

Hope that helps.
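
The four steps from the reply above, written out as ASA configuration; this is an added example, not configuration posted in the thread. It assumes a VPN client pool of 192.168.100.0/24 (a constructed value, the thread does not give one), pre-8.3 NAT syntax on the remote ASA, and hypothetical names for the ACLs and group policy (S2S_CRYPTO, RA_SPLIT, RA_POLICY, NONAT).

```cisco
! ===== ASA 192.168.1.1 (terminates the VPN clients) =====

! Step 1: add the client pool to the existing site-to-site crypto ACL.
! Match the pool specifically instead of "any", so only the intended
! sources are allowed into the tunnel.
access-list S2S_CRYPTO extended permit ip 192.168.100.0 255.255.255.0 192.168.2.0 255.255.255.0

! Step 2: only needed when split tunnelling is in use. The remote LAN
! must be in the list, otherwise the client never sends that traffic
! into its tunnel.
access-list RA_SPLIT standard permit 192.168.2.0 255.255.255.0
group-policy RA_POLICY attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value RA_SPLIT

! Step 3: client traffic arrives on the outside interface and leaves
! again on the same interface towards the peer (hairpin).
same-security-traffic permit intra-interface

! ===== ASA 192.168.2.1 (remote site) =====

! Mirror of step 1: the crypto ACL on the peer must be the exact
! reverse, or the IPsec SA for the pool subnet will not come up.
access-list S2S_CRYPTO extended permit ip 192.168.2.0 255.255.255.0 192.168.100.0 255.255.255.0

! Step 4: NAT exemption between the remote LAN and the client pool
! (pre-8.3 syntax, assumed here).
access-list NONAT extended permit ip 192.168.2.0 255.255.255.0 192.168.100.0 255.255.255.0
nat (inside) 0 access-list NONAT
```

If NONAT or S2S_CRYPTO already exist under other names, add the new entries to the existing ACLs instead of creating a second one.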