Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
415
Views
0
Helpful
2
Replies

allow traffic through remote client

Go to solution
zeuscyril
Level 4
Level 4

‎09-26-2010 07:07 AM

hi friends,

i ll explain my setup,

i have one asa in datacenter having static ip and then site office also having static ip these two sites are connected using VPN and i configured remote client in the datacenter.

the remote client workers needs to access the site office network . this is my setup.

the problem i am facing is that remote workers they can't able to access site office network.but if i try to ping the vpn pool ip from site office and then if i try

from remote client i can able to access siteoffice from remote client.

please provide me the solution experts

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee

‎09-26-2010 05:19 PM

I understand that you have the following topology:

1) Lan-to-Lan VPN between Data Center and Site office

2) VPN Client connecting to Data Center, and would also like access to the Site office.

There are a few things that need to be configured for VPN Client to access the Site office:

On the Data Center ASA:

- "same-security-traffic permit intra-interface" command

- Split tunnel ACL needs to include site office LAN

- Crypto ACL for the LAN-to-LAN VPN should include the following:

access-list permit ip

On the Site office ASA:

- Crypto ACL for the LAN-to-LAN VPN should include the following:

access-list permit ip

- NAT exemption should include:

access-list permit ip

Hope that helps.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee

‎09-26-2010 05:19 PM

I understand that you have the following topology:

1) Lan-to-Lan VPN between Data Center and Site office

2) VPN Client connecting to Data Center, and would also like access to the Site office.

There are a few things that need to be configured for VPN Client to access the Site office:

On the Data Center ASA:

- "same-security-traffic permit intra-interface" command

- Split tunnel ACL needs to include site office LAN

- Crypto ACL for the LAN-to-LAN VPN should include the following:

access-list permit ip

On the Site office ASA:

- Crypto ACL for the LAN-to-LAN VPN should include the following:

access-list permit ip

- NAT exemption should include:

access-list permit ip

Hope that helps.

0 Helpful
Customers Also Viewed These Support Documents