Routing over site to site tunnel after connecting via remote access
Can someone point me in the right direction?
I have an ASA 5505 setup with both remote access (Anyconnect), as well as a site to site tunnel over to a business partner.
From the outside, I can connect via AnyConnect and go anywhere within my internal network. From the inside (when at the office where the ASA is) I can route to any destination on the partner side (over the site to site tunnel). But what I can't do is access the partner side network over the site to site tunnel when I connect via remote access from outside. I can't ping any address on the other side.
I used the VPN wizards to create both the remote access and site to site tunnels.
Re: Routing over site to site tunnel after connecting via remote
You need to add your RA pool network in the partner's IPsec tunnel ACL policy, and at the same time in your office ASA, where you have the tunnel to the partner and the RA VPN, allow the same in your tunnel policy with the partner, meaning you will allow in the ASA the partner network to talk to the RA network. Also use your existing NAT exempt rule for IPsec applied to the outside interface where both tunnels come in, that is the L2L and RA tunnels. In addition, add the same-security-traffic permit intra-interface statement in the office ASA, because traffic to the partner tunnel goes out and in on the same interface where the RA tunnel terminates in that office firewall.
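The steps in the reply above, written out as an ASA configuration. This is an added example, not configuration from the thread or from Cisco: the networks (inside LAN 192.168.10.0/24, AnyConnect pool 192.168.200.0/24, partner LAN 10.50.0.0/16), the object and ACL names, and the ASA 8.3+ object/twice-NAT syntax are all assumptions; on a pre-8.3 ASA the NAT exemption is a `nat (outside) 0 access-list` rule instead, and the wizard-generated crypto map binding is assumed to already exist.

```cisco
! Constructed example (not from the thread). Assumed addressing:
!   inside LAN       192.168.10.0/24
!   AnyConnect pool  192.168.200.0/24
!   partner LAN      10.50.0.0/16   (reached over the L2L tunnel)
! ASA 8.3+ object/twice-NAT syntax assumed.

object network LAN-INSIDE
 subnet 192.168.10.0 255.255.255.0
object network RA-POOL
 subnet 192.168.200.0 255.255.255.0
object network PARTNER-LAN
 subnet 10.50.0.0 255.255.0.0

! 1. Hairpinning: RA traffic arrives on outside and must leave on outside
!    again toward the partner tunnel, which is denied by default.
same-security-traffic permit intra-interface

! 2. Crypto ACL for the L2L tunnel (already bound to the crypto map by the
!    wizard): keep the office-LAN line and add one for the RA pool.
!    The partner must mirror it (their LAN -> your RA pool), or the SA for
!    that pair never forms and the traffic is silently dropped.
!    Keeping the pool small and restricting to required hosts/ports limits
!    what the partner can reach on your roaming users.
access-list L2L-PARTNER extended permit ip object LAN-INSIDE object PARTNER-LAN
access-list L2L-PARTNER extended permit ip object RA-POOL object PARTNER-LAN

! 3. NAT exemption so RA-pool -> partner traffic keeps its real source
!    address on the way out of the outside interface (identity twice NAT).
nat (outside,outside) source static RA-POOL RA-POOL destination static PARTNER-LAN PARTNER-LAN no-proxy-arp route-lookup

! 4. If split tunnelling is pushed to AnyConnect, the partner network must be
!    in that list too, otherwise the client never sends it into the tunnel.
access-list SPLIT-TUNNEL standard permit 192.168.10.0 255.255.255.0
access-list SPLIT-TUNNEL standard permit 10.50.0.0 255.255.0.0

! Verification after a client connects (partner peer IP is a placeholder):
!   show crypto ipsec sa peer <PARTNER-PEER-IP>
!     -> expect an SA for 192.168.200.0/24 <-> 10.50.0.0/16 whose
!        encaps/decaps counters increase while the client pings
!   packet-tracer input outside icmp 192.168.200.5 8 0 10.50.1.10 detailed
!     -> every phase should show ALLOW, with the NAT phase matching the
!        identity rule and the VPN phase matching L2L-PARTNER
```

If `packet-tracer` drops the flow at the NAT phase, the exemption is missing or ordered below another rule that translates the pool; if it passes on the ASA but the partner never replies, the mismatch is on the partner's crypto ACL or their own NAT exemption for your RA pool.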
We have configured the outside and inside interface with official IPv6 addresses, set a default route on the outside interface to our router, and we also have defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...