VPN Users Can Not Access Tunnel

Answered Question
Sep 21st, 2010

Hi All,


I have a problem. I have 2 sites, both with ASA 5520s, and they are both connected via a site-to-site VPN.

This works fine: all users in site A can access resources in site B and vice versa.

The problem comes when a user connects using a remote user VPN to site A: they cannot access or ping anything in site B, even though the FW issues them an IP in the range for site A.

I'm sure there is something simple I have missed.


Thanks

Correct Answer by Jennifer Halim, Tue, 09/21/2010 - 03:52

If the VPN Client pool is in the same subnet as site A LAN, then you are probably just missing the following:

1) Double check if you have a split tunnel policy, and that site-B LAN is included in the split tunnel ACL.

2) Configure "same-security-traffic permit intra-interface" on site A ASA.

If the above has been configured, please share the config from both ASAs to further check where the issue is.
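
The two checks from the answer above, as an added example that is not part of the original thread: a small Python audit over a saved site-A running-config. The config excerpt, the ACL and group-policy names, and the subnets are constructed; it reads only standard ACLs and treats the config as a whole rather than per group policy.

```python
import ipaddress
import re

# Constructed site-A running-config excerpt; every name and subnet is made up.
SAMPLE_CONFIG = """\
access-list SPLIT_TUNNEL standard permit 10.1.0.0 255.255.255.0
group-policy REMOTE_USERS attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL
"""

HAIRPIN = "same-security-traffic permit intra-interface"
LIST_REF = re.compile(r"split-tunnel-network-list value (\S+)$")
# Standard ACL entries only: "permit <net> <mask>" or "permit host <ip>".
ACE = re.compile(r"access-list (\S+) standard permit (?:host (\S+)|(\S+) (\S+))$")


def audit(config, site_b_lan):
    """Return findings for the two checks in the answer; [] means both pass."""
    site_b = ipaddress.ip_network(site_b_lan)
    lines = [line.strip() for line in config.splitlines()]
    findings = []

    # Check 2: VPN-client traffic enters and leaves on the same interface.
    if HAIRPIN not in lines:
        findings.append("missing: " + HAIRPIN)

    # Check 1: applies only when a split tunnel policy is configured.
    if "split-tunnel-policy tunnelspecified" in lines:
        acls = {m.group(1) for m in map(LIST_REF.match, lines) if m}
        permitted = []
        for m in filter(None, map(ACE.match, lines)):
            name, host, net, mask = m.groups()
            if name in acls:
                cidr = host + "/32" if host else net + "/" + mask
                permitted.append(ipaddress.ip_network(cidr, strict=False))
        if not any(site_b.subnet_of(p) for p in permitted):
            findings.append("split tunnel ACL does not include " + site_b_lan)
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, "10.2.0.0/24"):
        print(finding)
```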

jamesprice141 Tue, 09/21/2010 - 04:08

Excellent, thank you, you are a star!

I was missing 2.

Schoolboy error, works fine now.
