Cisco Support Community
Community Member

Remote Access VPN to Site-to-Site VPN

We have a remote access VPN and a site-to-site VPN. Both work fine except that clients of the remote access VPN cannot access hosts on the site-to-site VPN.

We are 10.5.5.0

Site-to-Site VPN goes to 10.2.2.0

Remote access clients can access anything on 10.5.5.0 but nothing on 10.2.2.0.

What needs to be done to allow this to happen?

9 REPLIES
Green

Re: Remote Access VPN to Site-to-Site VPN

Is this ASA/PIX 7?

You need to add the traffic between the LANs to the NAT exemption and crypto ACLs on the firewalls.

Headend Firewall

same-security-traffic permit intra-interface

access-list extended permit ip 10.2.2.0 255.255.255.0

Remote Firewall

access-list extended permit ip 10.2.2.0 255.255.255.0

access-list extended permit ip 10.2.2.0 255.255.255.0

Also, if you are split tunnelling you need to add the remote subnet to be tunneled.

Please rate helpful posts.
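
The hairpin setup described in the reply above, written out in full as an added example (not part of the original thread and not taken from either poster's configuration). It assumes both firewalls run PIX/ASA 7.x; the client pool 10.9.9.0/24, the ACL names, the crypto map name and sequence number, the group-policy name and the interface name `inside` are all constructed placeholders.

```cisco
! ===== Headend firewall (10.5.5.0/24, terminates the remote access VPN) =====
! Let decrypted client traffic leave through the interface it arrived on
same-security-traffic permit intra-interface

! Site-to-site crypto ACL: the client pool must be a source alongside the LAN
access-list L2L_CRYPTO extended permit ip 10.5.5.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list L2L_CRYPTO extended permit ip 10.9.9.0 255.255.255.0 10.2.2.0 255.255.255.0
crypto map OUTSIDE_MAP 10 match address L2L_CRYPTO

! If split tunnelling is in use, the remote subnet must be in the tunnelled list
access-list SPLIT_TUNNEL standard permit 10.5.5.0 255.255.255.0
access-list SPLIT_TUNNEL standard permit 10.2.2.0 255.255.255.0
group-policy RA_POLICY attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL

! ===== Remote firewall (10.2.2.0/24) =====
! NAT exemption: return traffic to the client pool must not be translated
access-list NONAT extended permit ip 10.2.2.0 255.255.255.0 10.5.5.0 255.255.255.0
access-list NONAT extended permit ip 10.2.2.0 255.255.255.0 10.9.9.0 255.255.255.0
nat (inside) 0 access-list NONAT

! Crypto ACL: exact mirror of the headend entries, including the client pool
access-list L2L_CRYPTO extended permit ip 10.2.2.0 255.255.255.0 10.5.5.0 255.255.255.0
access-list L2L_CRYPTO extended permit ip 10.2.2.0 255.255.255.0 10.9.9.0 255.255.255.0
crypto map OUTSIDE_MAP 10 match address L2L_CRYPTO
```

The crypto ACLs on the two peers have to mirror each other entry for entry, and keeping each entry scoped to the specific pool and LAN subnets limits what the tunnel will carry.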

Community Member

Re: Remote Access VPN to Site-to-Site VPN

BTW, realized I was using the wrong account.

Thank you!

PIX 506E (6.3) is local, PIX 515E (7.0) is remote.

I am getting "Command failed" when I attempt to execute:

same-security-traffic permit intra-interface

Thoughts?

Green

Re: Remote Access VPN to Site-to-Site VPN

Sorry, it won't work that way with PIX 6.

Community Member

Re: Remote Access VPN to Site-to-Site VPN

Is there another option besides using two different remote access VPNs for each client?

Green

Re: Remote Access VPN to Site-to-Site VPN

Not that I know of. The problem is version 6 will not let you U-turn traffic out the same interface it arrived on. It would work if the version 7 was the headend and version 6 was at the remote site.

Community Member

Re: Remote Access VPN to Site-to-Site VPN

Is it possible to upgrade the v. 6 to v. 7?

Green

Re: Remote Access VPN to Site-to-Site VPN

The PIX 501, PIX 506/506E, and PIX 520 security appliances are not supported in software Version 7.0.

Hall of Fame Super Blue

Re: Remote Access VPN to Site-to-Site VPN

Hi

Do you have a router behind your PIX 506 or is it just a single subnet behind the PIX?

Jon

Community Member

Re: Remote Access VPN to Site-to-Site VPN

Just a single subnet behind the PIX.
