allow traffic through remote client

Answered Question
Sep 26th, 2010

Hi friends,

I'll explain my setup.

I have one ASA in the datacenter with a static IP, and the site office also has a static IP. These two sites are connected using VPN, and I configured remote client in the datacenter.

The remote client workers need to access the site office network. This is my setup.

The problem I am facing is that remote workers are not able to access the site office network. But if I try to ping the VPN pool IP from the site office and then try from the remote client, I am able to access the site office from the remote client.

Please provide me the solution, experts.

Correct Answer by Jennifer Halim about 6 years 10 months ago

I understand that you have the following topology:

1) Lan-to-Lan VPN between Data Center and Site office

2) VPN Client connecting to Data Center, and would also like access to the Site office.


There are a few things that need to be configured for VPN Client to access the Site office:

On the Data Center ASA:

- "same-security-traffic permit intra-interface" command

- Split tunnel ACL needs to include site office LAN

- Crypto ACL for the LAN-to-LAN VPN should include the following:

access-list permit ip


On the Site office ASA:

- Crypto ACL for the LAN-to-LAN VPN should include the following:

access-list permit ip

- NAT exemption should include:

access-list permit ip


Hope that helps.

Overall Rating: 5 (1 ratings)
Jennifer Halim (Cisco Employee), Sun, 09/26/2010 - 17:19
