Cisco Support Community
Community Member

Remote Site - Concurrent LAN-TO-LAN tunnel and Remote Access Connectivity


Central Site - VPN 3005 Concentrator, with public interface in a DMZ behind a PIX firewall. ACL on PIX permits inbound connections to the concentrator as ESP, UDP port 500 and UDP port 4500. Concentrator has NAT-T enabled globally.

Remote sites have varying types of Cisco routers. Configured with LAN-TO-LAN IPSec VPN tunnel. ACL on remote router only permits connections to the central site over TCP ports 25 and 110. This is for security reasons. Remote sites are without any local IT support or admin, therefore a threat to central site.

From time to time personnel from the head office visit the remote sites. The personnel at the head office use MS Outlook as a MAPI client connected to the Exchange server. When they visit the remote sites they cannot connect to the Exchange server, because of the ACL that restricts traffic to TCP ports 25 and 110 only.

Is it possible for head office personnel to use the Cisco VPN client from the remote sites to form a remote access connection, at the same time as the LAN-TO-LAN tunnel? When we try and do this at present the VPN client connects but it brings down the LAN-TO-LAN tunnel.
