Cisco Support Community
Community Member

Routing over site to site tunnel after connecting via remote access

Can someone point me in the right direction?

I have an ASA 5505 set up with both remote access (AnyConnect) and a site-to-site tunnel over to a business partner.

From the outside, I can connect via AnyConnect and go anywhere within my internal network. From the inside (when at the office where the ASA is) I can route to any destination on the partner side (over the site-to-site tunnel). But what I can't do, when I connect via remote access from outside, is access the partner-side network over the site-to-site tunnel. I can't ping any address on the other side.

I used the VPN wizards to create both the remote access and site-to-site tunnels.

thanks in advance,

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Routing over site to site tunnel after connecting via remote

Daniel, sorry for not giving you an example in my previous post, which sounds confusing :)

I was able to find a thread from a while back. Follow the example and apply the same principle for your AnyConnect; it should work. If you need help, let me know and I'll help you out.

http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=Firewalling&topicID=.ee6e1fa&fromOutline=true&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cc2e0f6/4

5 REPLIES

Re: Routing over site to site tunnel after connecting via remote

You need to add your RA pool network to the partner's IPsec tunnel ACL policy, and at the same time, in your office ASA where you have the tunnel to the partner and the RA VPN, allow the same in your tunnel policy with the partner, meaning you will allow the partner network to talk to the RA network in the ASA. Also use your existing NAT exempt rule for IPsec, applied to the outside interface where both tunnels (L2L and RA) come in. In addition, add the same-security-traffic permit intra-interface statement in the office ASA, because traffic to the partner tunnel goes out and in on the same interface where the RA tunnel terminates in that office firewall.

regards
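The four pieces described in the reply above, put together as one pre-8.3 style ASA configuration. This is an added example and not configuration from the thread or from Cisco; the address ranges (office LAN 192.168.10.0/24, AnyConnect pool 192.168.50.0/24, partner LAN 10.20.0.0/16, partner peer 203.0.113.10), the ACL names and the group-policy name are all assumptions chosen for illustration.

```cisco
! Added example (not from the thread). Addresses and object names are assumptions:
!   office LAN 192.168.10.0/24, AnyConnect pool 192.168.50.0/24,
!   partner LAN 10.20.0.0/16, partner IKE peer 203.0.113.10

! 1. Hairpinning: an AnyConnect packet arrives on outside and must leave on outside
!    again inside the L2L tunnel. Without this the ASA drops it.
same-security-traffic permit intra-interface

! 2. Crypto ACL for the partner tunnel: the RA pool becomes a second source.
!    The partner must mirror this (10.20.0.0/16 -> 192.168.50.0/24) in their crypto ACL,
!    otherwise Phase 2 never negotiates an SA for that pair.
access-list PARTNER_L2L extended permit ip 192.168.10.0 255.255.255.0 10.20.0.0 255.255.0.0
access-list PARTNER_L2L extended permit ip 192.168.50.0 255.255.255.0 10.20.0.0 255.255.0.0

! 3. NAT exemption for everything that rides a tunnel. The RA pool is reached
!    through the outside interface, so its exemption is attached to outside.
access-list INSIDE_NAT0 extended permit ip 192.168.10.0 255.255.255.0 10.20.0.0 255.255.0.0
access-list INSIDE_NAT0 extended permit ip 192.168.10.0 255.255.255.0 192.168.50.0 255.255.255.0
nat (inside) 0 access-list INSIDE_NAT0
access-list OUTSIDE_NAT0 extended permit ip 192.168.50.0 255.255.255.0 10.20.0.0 255.255.0.0
nat (outside) 0 access-list OUTSIDE_NAT0

! 4. Split tunnelling: the client only sends traffic for listed networks into the
!    AnyConnect tunnel, so the partner LAN must be in the list.
access-list SPLIT_TUNNEL standard permit 192.168.10.0 255.255.255.0
access-list SPLIT_TUNNEL standard permit 10.20.0.0 255.255.0.0
group-policy ANYCONNECT_GP attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL

! 5. Partner crypto map entry, unchanged apart from referencing the extended ACL.
crypto map OUTSIDE_MAP 10 match address PARTNER_L2L
crypto map OUTSIDE_MAP 10 set peer 203.0.113.10
crypto map OUTSIDE_MAP 10 set transform-set ESP-AES-SHA
crypto map OUTSIDE_MAP interface outside
```

To confirm the hairpin path after applying it, `packet-tracer input outside icmp 192.168.50.5 8 0 10.20.1.10` should end in ALLOW with a VPN encrypt action rather than a drop, and `show crypto ipsec sa peer 203.0.113.10` should list a second SA whose local identity is 192.168.50.0/24. If that SA never appears while the 192.168.10.0/24 one does, the partner side has not yet added the pool to its crypto ACL.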

Community Member

Re: Routing over site to site tunnel after connecting via remote

I ran into a similar problem last Friday, except that the two ends of my L2L tunnel could not ping each other. I used the command "nat (outside) 0 access-list 90"

"access-list 90 extended permit ip 10.0.0.0 255.0.0.0 10.0.0.0 255.0.0.0"

Hope this helps
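A quick way to audit a running config for the three ASA-side requirements the replies above describe (intra-interface permit, RA pool in the partner crypto ACL, RA pool in a NAT exemption on outside). This is an added example written for this page, not a tool from the thread or from Cisco; it parses pre-8.3 style `access-list`, `nat (outside) 0` and `crypto map` lines only, and the two embedded configs and all addresses in them are constructed for illustration.

```python
"""Audit a pre-8.3 ASA config for AnyConnect -> site-to-site hairpinning.

Added example, not from the thread. The configs and addresses below are constructed.
"""
import ipaddress
import re

# Constructed "before" config: the shape of the original poster's problem
# (RA pool missing from the crypto ACL, no outside NAT exemption, no intra-interface permit).
CONFIG_BEFORE = """\
access-list PARTNER_L2L extended permit ip 192.168.10.0 255.255.255.0 10.20.0.0 255.255.0.0
access-list INSIDE_NAT0 extended permit ip 192.168.10.0 255.255.255.0 10.20.0.0 255.255.0.0
nat (inside) 0 access-list INSIDE_NAT0
crypto map OUTSIDE_MAP 10 match address PARTNER_L2L
crypto map OUTSIDE_MAP 10 set peer 203.0.113.10
"""

# Constructed "after" config with all three pieces in place.
CONFIG_AFTER = CONFIG_BEFORE + """\
same-security-traffic permit intra-interface
access-list PARTNER_L2L extended permit ip 192.168.50.0 255.255.255.0 10.20.0.0 255.255.0.0
access-list OUTSIDE_NAT0 extended permit ip 192.168.50.0 255.255.255.0 10.20.0.0 255.255.0.0
nat (outside) 0 access-list OUTSIDE_NAT0
"""

ACE_RE = re.compile(r"^access-list (\S+) extended permit ip (\S+) (\S+) (\S+) (\S+)$")


def parse_acls(config):
    """Return {acl_name: [(src_net, dst_net), ...]} for 'permit ip' ACEs."""
    acls = {}
    for line in config.splitlines():
        m = ACE_RE.match(line.strip())
        if m:
            name, s, sm, d, dm = m.groups()
            # ipaddress accepts "addr/netmask" directly, so the ASA mask form parses as-is.
            src = ipaddress.ip_network(f"{s}/{sm}")
            dst = ipaddress.ip_network(f"{d}/{dm}")
            acls.setdefault(name, []).append((src, dst))
    return acls


def acl_covers(entries, src, dst):
    """True if some ACE's source contains src and its destination contains dst."""
    return any(src.subnet_of(s) and dst.subnet_of(d) for s, d in entries)


def check_ra_to_l2l(config, ra_pool, partner_net, peer):
    """Return {check_name: bool} for the RA-pool -> partner-network hairpin path."""
    ra = ipaddress.ip_network(ra_pool)
    partner = ipaddress.ip_network(partner_net)
    lines = [l.strip() for l in config.splitlines()]
    acls = parse_acls(config)

    # Find the crypto map entry pointed at the partner peer, then its match-address ACL.
    crypto_acl = None
    for l in lines:
        m = re.match(r"^crypto map (\S+) (\d+) set peer " + re.escape(peer) + "$", l)
        if m:
            map_name, seq = m.groups()
            for l2 in lines:
                m2 = re.match(rf"^crypto map {re.escape(map_name)} {seq} match address (\S+)$", l2)
                if m2:
                    crypto_acl = m2.group(1)

    # Every ACL referenced by a 'nat (outside) 0' exemption.
    nat0_outside = [m.group(1) for m in
                    (re.match(r"^nat \(outside\) 0 access-list (\S+)$", l) for l in lines) if m]

    return {
        "intra_interface_permit": "same-security-traffic permit intra-interface" in lines,
        "crypto_acl_has_ra_pool": crypto_acl is not None
                                  and acl_covers(acls.get(crypto_acl, []), ra, partner),
        "nat0_outside_has_ra_pool": any(acl_covers(acls.get(n, []), ra, partner)
                                        for n in nat0_outside),
    }


def report(config, ra_pool="192.168.50.0/24", partner_net="10.20.0.0/16", peer="203.0.113.10"):
    """Print one line per check and return True only if all pass."""
    results = check_ra_to_l2l(config, ra_pool, partner_net, peer)
    for name, ok in results.items():
        print(f"{'OK  ' if ok else 'FAIL'} {name}")
    return all(results.values())


if __name__ == "__main__":
    print("before:"); report(CONFIG_BEFORE)
    print("after:");  report(CONFIG_AFTER)
```

Feed it the output of `show running-config` and the RA pool, partner network and peer you actually use; a FAIL on `crypto_acl_has_ra_pool` is the usual cause of the symptom in the original question, and the partner's crypto ACL needs the mirrored entry too, which this script cannot see.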

Community Member

Re: Routing over site to site tunnel after connecting via remote

Thanks Jorge. Worked like a charm. Awesome follow up on your part, thanks for the help.

Regards,

Re: Routing over site to site tunnel after connecting via remote

Daniel, glad it all worked out. Thanks for the rating.

Regards
