Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

remote-access vpn for client on inside ASA interface

Hi, only for testing purpose, we need to enable remote-access for a client on inside lan, toward inside ASA IP interface.

Traffic should be encrypted to the inside ASA IP and should come out decrypted from the same interface.

How to ? (same-security-traffic enabled, and crypto isakmp and crypto ipsec enabled on inside interface).

thanks

4 REPLIES
Cisco Employee

Re: remote-access vpn for client on inside ASA interface

If the destination network is on the inside, and that is where your routing points, it should work. You said you have crypto ipsec enabled, I am assuming you meant the crypto map is enabled on the inside?

Check your routing, and do packet captures to see what is going on with the traffic. Does the ESP packet make it to the ASA, and what happens when the decrypted packet has to go out - which interface does it go out, and if it leaves that way or not. Packet captures are your friend.

PS. If you found this post helpful, please rate it.

Hall of Fame Super Gold

Re: remote-access vpn for client on inside ASA interface

Renato

I have set up Remote Access VPN on ASA and for testing purposes I have enabled VPN connections on both the inside and outside interfaces. It is working fine for me. Have you enabled same-security-traffic intra-interface?

HTH

Rick

Community Member

Re: remote-access vpn for client on inside ASA interface

Hi, during my test I enabled same-security-traffic intra-interface, but after test I disabled it, because it's a global command, for all interfaces.

Have you enabled ip pool assignment for vpn client in your test ?

thank you

Hall of Fame Super Gold

Re: remote-access vpn for client on inside ASA interface

Renato

Yes I enabled ip pool assignment for vpn client users. It works fine.

HTH

Rick

264
Views
0
Helpful
4
Replies
CreatePlease to create content