Cisco Support Community
New Member

VPN Client -> ASA1 <-l2l Tunnel-> ASA2 -> Service won't work?

Hi,

I spent a lot of time with this problem, but I didn't find a working configuration. It looks so simple, but nothing seems to work.

We have a Site 2 Site tunnel established between two ASA 5505s. In the network "ASA2, 192.168.33.0/24" a terminal server is located.

A road warrior VPN User connects to the "ASA1, 192.168.0.0/24" network using the Cisco VPN Client. He is able to connect to services in his network, but not services which are located in network ASA2. The logfile is clean, no drops.

The client shows both networks under secured routes in its stats.

Am I blind to the solution, or is it not possible?

Does anyone have a hint for me?

Best Regards,

Markus

Accepted Solutions

Re: VPN Client -> ASA1 <-l2l Tunnel-> ASA2 -> Service won't work

Sounds like you need to configure 192.168.0.0/24 as part of the encryption domain for the L2L tunnel between ASA 1 to ASA2.

You need to configure the road warrior user to also encrypt traffic to the ASA2 network.

You need to enable same security intra-interface communication, so traffic can enter ASA 1, then leave ASA 1 to ASA 2 on the same outside interface.

HTH

Cisco Employee

Re: VPN Client -> ASA1 <-l2l Tunnel-> ASA2 -> Service won't work

Markus,

Please refer to the URL below for configuration details. Even though the example below is for VPN Client to Internet through the ASA, you could apply the same concept for the traffic from the VPN Client to the remote ASA where the terminal servers are located.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00805734ae.shtml

Regards,

Arul

*Pls rate if it helps*
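The three changes named in the first answer, written out as an ASA configuration sketch. This is an added example, not configuration posted by anyone in the thread. Assumptions: the VPN client pool is 192.168.100.0/24 (the thread does not state the pool; substitute the real one), and the ACL, group-policy and crypto map names are hypothetical stand-ins for whatever the existing configuration uses.

```cisco
! ===== ASA1 (LAN 192.168.0.0/24, terminates the VPN clients) =====

! 1. Allow traffic to enter and leave on the same interface, so client
!    traffic arriving on outside can be re-encrypted into the L2L tunnel.
same-security-traffic permit intra-interface

! 2. Extend the L2L encryption domain so the client pool (assumed
!    192.168.100.0/24) is also protected towards the ASA2 network.
!    L2L_TO_ASA2 is a hypothetical name for the existing crypto ACL.
access-list L2L_TO_ASA2 extended permit ip 192.168.0.0 255.255.255.0 192.168.33.0 255.255.255.0
access-list L2L_TO_ASA2 extended permit ip 192.168.100.0 255.255.255.0 192.168.33.0 255.255.255.0
crypto map OUTSIDE_MAP 10 match address L2L_TO_ASA2

! 3. Tell the client to encrypt traffic for both networks (split tunnel).
!    Listing only the two internal networks keeps the rest of the
!    client's traffic out of the tunnel.
access-list SPLIT_TUNNEL standard permit 192.168.0.0 255.255.255.0
access-list SPLIT_TUNNEL standard permit 192.168.33.0 255.255.255.0
group-policy RA_POLICY attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL

! ===== ASA2 (LAN 192.168.33.0/24, terminal server side) =====

! The crypto ACL on the peer must mirror ASA1's, otherwise the IPsec SA
! for the client pool is never negotiated and nothing shows up as a drop.
access-list L2L_TO_ASA1 extended permit ip 192.168.33.0 255.255.255.0 192.168.0.0 255.255.255.0
access-list L2L_TO_ASA1 extended permit ip 192.168.33.0 255.255.255.0 192.168.100.0 255.255.255.0
crypto map OUTSIDE_MAP 10 match address L2L_TO_ASA1

! Any NAT exemption already in place for 192.168.33.0/24 -> 192.168.0.0/24
! has to cover the client pool as well; the syntax depends on the ASA
! software version, so it is not shown here.

! ===== Verification (either ASA) =====
! An SA pair should exist for pool <-> 192.168.33.0/24 once a client
! sends traffic; encaps/decaps counters show in which direction it stalls.
show crypto ipsec sa
```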

New Member

Re: VPN Client -> ASA1 <-l2l Tunnel-> ASA2 -> Service won't work

Thanks a lot, didn't see the wood for the trees...
