10-23-2008 12:36 PM - edited 02-21-2020 04:00 PM
Hi,
I spent a lot of time with this problem, but I didn't find a working configuration. It looks so simple, but nothing seems to work.
We have a site-to-site tunnel established between two ASA 5505s; a terminal server is located in the network "ASA2, 192.168.33.0/24".
A road warrior VPN User connects to the "ASA1, 192.168.0.0/24" network using the Cisco VPN Client. He is able to connect to services in his network, but not services which are located in network ASA2. The logfile is clean, no drops.
The client's statistics show both networks as secured routes.
Am I blind to the solution, or is it not possible?
Does anyone have a hint for me?
Best Regards,
Markus
10-23-2008 12:44 PM
Sounds like you need to configure 192.168.0.0/24 as part of the encryption domain for the L2L tunnel between ASA 1 and ASA 2.
You need to configure the road warrior user to also encrypt traffic to the ASA2 network.
You need to enable same security intra-interface communication, so traffic can enter ASA 1, then leave ASA 1 to ASA 2 on the same outside interface.
HTH
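The three steps from the reply above, sketched as an ASA configuration fragment. This is an added example, not configuration posted by anyone in the thread. The ACL, crypto map and group-policy names and the crypto map sequence number are hypothetical, and it assumes the VPN clients are addressed out of 192.168.0.0/24, as the reply implies.

```cisco
! ---- ASA1 (the ASA the road warrior connects to) ----

! 1. Encryption domain for the L2L tunnel: traffic sourced from
!    192.168.0.0/24 (assumed to include the VPN clients) to the ASA2 network.
access-list L2L-TO-ASA2 extended permit ip 192.168.0.0 255.255.255.0 192.168.33.0 255.255.255.0
crypto map OUTSIDE-MAP 10 match address L2L-TO-ASA2

! 2. Split-tunnel list pushed to the road warrior so that the client
!    encrypts traffic to both networks, not only the local one.
access-list RW-SPLIT standard permit 192.168.0.0 255.255.255.0
access-list RW-SPLIT standard permit 192.168.33.0 255.255.255.0
group-policy RW-POLICY attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value RW-SPLIT

! 3. Permit traffic to enter and leave through the same interface
!    (in from the client tunnel on outside, out to ASA2 on outside).
same-security-traffic permit intra-interface

! ---- ASA2 (terminal server side) ----

! Mirror image of the ASA1 crypto ACL; both ends must agree on the
! encryption domain or the return traffic will not match the tunnel.
access-list L2L-TO-ASA1 extended permit ip 192.168.33.0 255.255.255.0 192.168.0.0 255.255.255.0
crypto map OUTSIDE-MAP 10 match address L2L-TO-ASA1
```

After applying it, `show crypto ipsec sa` on both units should show encrypt and decrypt counters increasing for the client-to-192.168.33.0/24 flow. Keep the split-tunnel and crypto ACLs limited to the networks the user actually needs, since everything listed becomes reachable through the hairpin.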
10-23-2008 12:51 PM
Markus,
Please refer to the URL below for configuration details. Even though the example below is for VPN Client to Internet through the ASA, you could apply the same concept for the traffic from the VPN Client to the remote ASA where the terminal servers are located.
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00805734ae.shtml
Regards,
Arul
*Pls rate if it helps*
10-23-2008 01:01 PM
Thanks a lot, I couldn't see the wood for the trees...