I currently have 5 sites that are connected via hub/spoke LAN-to-LAN connections with Denver being the primary site. We are looking to enable Remote VPNs using the Cisco VPN client. I have been able to connect to the main denver location, but cannot connect to any of the remote sites via the Remote VPN. I have all of the addresses for the remote sites listed in my split tunneling configuration. All of the firewalls are the ASA series using ASDM 5.2. Can this be done?
So you want to go over ra vpn to denver then go over l2l tunnels to remote sites? A few things, you must define the traffic as interesting in your crypto acl's for the l2l tunnels and also have to enable the following.
same-security-traffic permit intra-interface
this will allow traffic to enter and exit same interface. (outside in this case)
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...