Allow AnyConnect client to access over tunneled remote network

radcliff.v
Level 1

Hi,

I am new to this forum and would like to seek good suggestions and advice. I have currently set up 3 site-to-site L2L VPN tunnels and enabled AnyConnect SSL-VPN. My setup goes like this:

Remote Site 1 ===> MyASA

MyASA Parameters:

MPLS interface IP: 10.10.10.2 (Connected through MPLS) (peer IP)

Inside interface IP: 172.16.0.1

Remote Site 1 Parameters:

Outside interface IP: 10.10.10.1 (peer IP)

Inside interface IP: 192.168.2.1

Remote Site 2 ===> MyASA

MyASA Parameters:

Outside interface IP: x.x.x.82/29 (Connected to ISP Public) peer IP

Inside interface IP: 172.16.0.1

Server1: 172.16.0.31 to x.x.x.84 (Static NAT)

Server2: 172.16.0.32 to x.x.x.85 (Static NAT)

Server3: 172.16.0.32 to x.x.x.86 (Static NAT)

Accepting only one public IP from the Remote Site 2: x.x.2.176 through the tunnel

Remote Site 2 Parameters:

Outside interface IP: x.x.3.12 (peer IP)

Remote Site 3 ===> MyASA

MyASA Parameters:

Outside interface IP: x.x.x.82/29 (Connected to ISP Public) peer IP

Inside interface IP: 172.16.0.1

All local networks going into the tunnel are D-NAT to x.x.x.83

AnyConnect Pool: 192.168.244.0/24

Remote Site 3 Parameters:

Outside interface IP: x.x.4.23 (peer IP)

Only accepting request from x.x.x.83 through the tunnel.

Now my problem is I am having a hard time allowing my AnyConnect clients and remote clients from Remote Site 1 to initiate the tunnel to Remote Site 3. Local networks have no problem initiating the tunnel.

Your humble suggestion is greatly appreciated.

1 Reply

Jeet Kumar
Cisco Employee

Are you trying to connect the client on Remote Site 3?

Or do you mean to say that clients are connecting to your ASA and they are not able to access the network behind Remote Site 3?

Please clarify so that we can try to fix it.