Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

ASA AnyConnect access remote IPsec tunnel network

Hi all, I have a Cisco ASA 5510 that I have AnyConnect VPN clients. At the local network I have an IPsec tunnel to a remote site. My inside interface on the ASA 5510 is 192.168.112.1/24, my IPpool for AnyConnect clients is 192.168.117.0/24. I have a seperate ASA 5505 that handles the VPN to my remote network. The 5505 inside interface is 192.168.112.10/24. The IPsec tunnel is up and runs fine for local users, a remote network is 10.1.0.0/16 I can ping clients no issues locally. When an AnyConnect VPN remote user pings any host on the 10.1.0.0/16 network I get time outs..Is it because the 5505 doesnt have a route to the AnyConnect IP pool 117.0/24?

Cheers

1 REPLY
VIP Purple

Your site-2-Site ASA needs:A

Your site-2-Site ASA needs:

  1. A route to the AnyConnect-Pool pointing to your main ASA.
  2. The AnyConnect pool needs to be included into the crypto definition that you use in your crypto map:
    permit ip 192.168.112.0 255.255.255.0 10.1.0.0 255.255.0.0
    permit ip 192.168.117.0 255.255.255.0 10.1.0.0 255.255.0.0
136
Views
0
Helpful
1
Replies
CreatePlease to create content