
ASA AnyConnect access remote IPsec tunnel network

Philip Curwen
Level 1

Hi all, I have a Cisco ASA 5510 that I have AnyConnect VPN clients on. At the local network I have an IPsec tunnel to a remote site. My inside interface on the ASA 5510 is 192.168.112.1/24, and my IP pool for AnyConnect clients is 192.168.117.0/24. I have a separate ASA 5505 that handles the VPN to my remote network. The 5505 inside interface is 192.168.112.10/24. The IPsec tunnel is up and runs fine for local users; the remote network is 10.1.0.0/16 and I can ping clients with no issues locally. When an AnyConnect VPN remote user pings any host on the 10.1.0.0/16 network, I get timeouts. Is it because the 5505 doesn't have a route to the AnyConnect IP pool 117.0/24?

Cheers

1 Reply

Your site-2-Site ASA needs:

  1. A route to the AnyConnect-Pool pointing to your main ASA.
  2. The AnyConnect pool needs to be included in the crypto definition that you use in your crypto map:
    permit ip 192.168.112.0 255.255.255.0 10.1.0.0 255.255.0.0
    permit ip 192.168.117.0 255.255.255.0 10.1.0.0 255.255.0.0
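
The two conditions from the reply can be checked offline against a copy of the site-to-site ASA's crypto ACL and routes. The following is an added example, not part of the original thread or any Cisco tooling: the client address 192.168.117.10, the remote host 10.1.0.5 and the 5505's default route are constructed assumptions, and only the `permit ip` lines come from the reply.

```python
import ipaddress

def parse_permit(line):
    """Parse 'permit ip SRC SMASK DST DMASK' (ASA netmask notation)."""
    tok = line.split()
    if len(tok) != 6 or tok[:2] != ["permit", "ip"]:
        raise ValueError(f"unsupported crypto ACL entry: {line!r}")
    return (ipaddress.ip_network(f"{tok[2]}/{tok[3]}"),
            ipaddress.ip_network(f"{tok[4]}/{tok[5]}"))

def crypto_match(acl_lines, src_ip, dst_ip):
    """True if some crypto ACL entry selects src_ip -> dst_ip for the tunnel."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    return any(s in src and d in dst for src, dst in map(parse_permit, acl_lines))

def lookup_route(routes, ip):
    """Longest-prefix match over (prefix, next_hop) pairs; None if no route."""
    addr = ipaddress.ip_address(ip)
    hits = [(ipaddress.ip_network(p), hop) for p, hop in routes
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def check_flow(acl_lines, routes, client_ip, remote_ip):
    """Evaluate both points of the reply from the site-to-site ASA's view."""
    return {
        # Point 2: is client -> remote traffic selected for encryption?
        "encrypted_into_tunnel": crypto_match(acl_lines, client_ip, remote_ip),
        # Point 1: where does the reply toward the client get forwarded?
        "return_next_hop": lookup_route(routes, client_ip),
    }

# Constructed model of the 5505 before and after the change in the reply.
ACL_BEFORE = ["permit ip 192.168.112.0 255.255.255.0 10.1.0.0 255.255.0.0"]
ACL_AFTER = ACL_BEFORE + [
    "permit ip 192.168.117.0 255.255.255.0 10.1.0.0 255.255.0.0"]
ROUTES_BEFORE = [("192.168.112.0/24", "connected inside"),
                 ("0.0.0.0/0", "outside default gateway (assumed)")]
ROUTES_AFTER = ROUTES_BEFORE + [("192.168.117.0/24", "192.168.112.1")]

if __name__ == "__main__":
    for label, acl, routes in (("before", ACL_BEFORE, ROUTES_BEFORE),
                               ("after", ACL_AFTER, ROUTES_AFTER)):
        print(label, check_flow(acl, routes, "192.168.117.10", "10.1.0.5"))
```

Before the change, the pool address neither matches the crypto ACL nor has a return path through the main ASA; after it, both checks pass.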