Cisco Support Community
Community Member

VPN from within the network I need to connect to

I have a local office here that I have deployed a Cisco ASA 5505 device. To enable remote access for employees, I have enabled VPN access using an AAA server that authenticates requests from the Cisco VPN clients on the router. The remote employees have laptops that are not members of the domain, so to gain domain access they utilize the VPN connection that authenticates their account against Active Directory. The problem I'm having is that when these remote employees are actually in the office using the network they have to connect to when working remotely, they have to use VPN to authenticate them to the local servers. Do I have to make an adjustment to the outbound security policies on the router to allow VPN connections to connect to the outside interface from within the same network?


Re: VPN from within the network I need to connect to

Correct me if I am wrong: when they are at the corporate office, they still need to authenticate to the domain to gain access to these servers? Is this with a computer that does not belong to the domain as well?

Community Member

Re: VPN from within the network I need to connect to

That is correct. The partners in this business primarily work out of their homes in different cities. Their laptops are not members of the domain since they are rarely here. They authenticate to the domain for file sharing and email by tunneling in through VPN. On the rare occasion that they are actually in town and working from the office, they need to have the ability to establish a tunnel from within the network to authenticate them to the domain. So, what happens is the tunnel request needs to go outside of the network and then come back in to reach the outside interface and establish a VPN tunnel on the ASA. As it is now, if they attempt a connection from within the network, they get an error that the server is not responding. I'm assuming it's due to a missing ACL on the router. Hopefully this makes sense.

Re: VPN from within the network I need to connect to

OK, understood. With your current setup, having the VPN configured to the outside, this won't work. You will need to apply the same crypto map that you have applied to the outside to the inside interface, as well as enable isakmp on the inside interface too. But that does not end there: you need to enable the command "same-security" to permit intra-interface.
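
The three changes named in the reply above, written out as ASA CLI. This is an added example, not configuration posted in the thread: the crypto map name `outside_map` is a placeholder for whatever map is already bound to the outside interface, and the `crypto isakmp` form assumes ASA software earlier than 8.4 (later releases use `crypto ikev1` for the same command).

```cisco
! Find the name of the crypto map currently bound to the outside interface.
show running-config crypto map | include interface

configure terminal
 ! Bind that same crypto map to the inside interface as well.
 ! "outside_map" is a placeholder; use the name reported above.
 crypto map outside_map interface inside

 ! Accept IKE (ISAKMP) negotiation on the inside interface.
 crypto isakmp enable inside

 ! Permit traffic to enter and leave through the same interface.
 same-security-traffic permit intra-interface
end

! Confirm the map is now bound to both interfaces.
show running-config crypto map | include interface

! Confirm the intra-interface permit is present.
show running-config same-security-traffic

! After a test connection from an office laptop, check for an IKE SA.
show crypto isakmp sa
```

With this in place, in-office clients connect to the ASA's inside interface address, because the ASA does not answer on its outside address for traffic that arrives on the inside interface.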
