allow traffic through remote client

Answered Question
Sep 26th, 2010

Hi friends,

I'll explain my setup.

I have one ASA in the datacenter with a static IP, and the site office also has a static IP. These two sites are connected using VPN, and I configured remote client in the datacenter.

The remote client workers need to access the site office network. This is my setup.

The problem I am facing is that remote workers are not able to access the site office network. But if I try to ping the VPN pool IP from the site office and then try from the remote client, I am able to access the site office from the remote client.

Please provide me the solution, experts.

Correct Answer by Jennifer Halim about 6 years 2 months ago

I understand that you have the following topology:

1) LAN-to-LAN VPN between Data Center and Site office

2) VPN Client connecting to Data Center, and would also like access to the Site office.

There are a few things that need to be configured for VPN Client to access the Site office:

On the Data Center ASA:

- "same-security-traffic permit intra-interface" command

- Split tunnel ACL needs to include site office LAN

- Crypto ACL for the LAN-to-LAN VPN should include the following:

access-list permit ip

On the Site office ASA:

- Crypto ACL for the LAN-to-LAN VPN should include the following:

access-list permit ip

- NAT exemption should include:

access-list permit ip

Hope that helps.

Jennifer Halim Sun, 09/26/2010 - 17:19

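The changes listed in the answer above, written out as an added example (not the answerer's own configuration). It assumes pre-8.3 ASA syntax for NAT exemption; the subnets (data center LAN 10.1.0.0/24, VPN client pool 10.99.0.0/24, site office LAN 10.2.0.0/24) and the ACL, group-policy and crypto map names are constructed placeholders.

```cisco
! ---- Data Center ASA ----
! Let traffic enter and leave the same interface:
! client tunnel in on outside, LAN-to-LAN tunnel out on outside.
same-security-traffic permit intra-interface
!
! Split tunnel list pushed to the VPN clients: only the networks they need,
! here the data center LAN plus the site office LAN.
access-list SPLIT_TUNNEL standard permit 10.1.0.0 255.255.255.0
access-list SPLIT_TUNNEL standard permit 10.2.0.0 255.255.255.0
group-policy RA_POLICY attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL
!
! Crypto ACL for the LAN-to-LAN tunnel (source = local side, destination = remote side):
! the existing LAN-to-LAN entry plus VPN pool -> site office LAN.
access-list L2L_CRYPTO extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list L2L_CRYPTO extended permit ip 10.99.0.0 255.255.255.0 10.2.0.0 255.255.255.0
crypto map OUTSIDE_MAP 10 match address L2L_CRYPTO
!
! ---- Site office ASA ----
! Crypto ACL must be the exact mirror image of the data center entries.
access-list L2L_CRYPTO extended permit ip 10.2.0.0 255.255.255.0 10.1.0.0 255.255.255.0
access-list L2L_CRYPTO extended permit ip 10.2.0.0 255.255.255.0 10.99.0.0 255.255.255.0
crypto map OUTSIDE_MAP 10 match address L2L_CRYPTO
!
! NAT exemption: site office LAN -> VPN pool must not be translated
! before it is matched against the crypto ACL.
access-list NONAT extended permit ip 10.2.0.0 255.255.255.0 10.1.0.0 255.255.255.0
access-list NONAT extended permit ip 10.2.0.0 255.255.255.0 10.99.0.0 255.255.255.0
nat (inside) 0 access-list NONAT
```

Once a client sends traffic toward the site office, `show crypto ipsec sa` on either ASA should list a security association whose local and remote idents pair the VPN pool with the site office LAN.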