Cisco Support Community
New Member

allow traffic through remote client

Hi friends,

I'll explain my setup.

I have one ASA in the datacenter with a static IP, and the site office also has a static IP. These two sites are connected using VPN, and I configured the remote client in the datacenter.

The remote client workers need to access the site office network. This is my setup.

The problem I am facing is that remote workers are not able to access the site office network. But if I try to ping the VPN pool IP from the site office and then try from the remote client, I am able to access the site office from the remote client.

Please provide me the solution, experts.

1 ACCEPTED SOLUTION

Accepted Solutions
Super Bronze

Re: allow traffic through remote client

I understand that you have the following topology:

1) Lan-to-Lan VPN between Data Center and Site office

2) VPN Client connecting to Data Center, and would also like access to the Site office.

There are a few things that need to be configured for VPN Client to access the Site office:

On the Data Center ASA:

- "same-security-traffic permit intra-interface" command

- Split tunnel ACL needs to include site office LAN

- Crypto ACL for the LAN-to-LAN VPN should include the following:

access-list permit ip

On the Site office ASA:

- Crypto ACL for the LAN-to-LAN VPN should include the following:

access-list permit ip

- NAT exemption should include:

access-list permit ip

Hope that helps.
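
The checklist in the accepted answer can be verified against saved configurations from both ASAs. The following Python is an added example, not code from the thread or from Cisco; the ACL names (SPLIT_TUNNEL, L2L_CRYPTO, NONAT), the subnets, the VPN pool 10.99.0.0/24 and the use of a standard ACL for split tunnelling are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample configs: ACL names and subnets are assumptions, not from the thread.
DC_CONFIG = """\
same-security-traffic permit intra-interface
access-list SPLIT_TUNNEL standard permit 10.1.0.0 255.255.255.0
access-list SPLIT_TUNNEL standard permit 10.2.0.0 255.255.255.0
access-list L2L_CRYPTO extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list L2L_CRYPTO extended permit ip 10.99.0.0 255.255.255.0 10.2.0.0 255.255.255.0
"""
SITE_CONFIG = """\
access-list L2L_CRYPTO extended permit ip 10.2.0.0 255.255.255.0 10.1.0.0 255.255.255.0
access-list L2L_CRYPTO extended permit ip 10.2.0.0 255.255.255.0 10.99.0.0 255.255.255.0
access-list NONAT extended permit ip 10.2.0.0 255.255.255.0 10.1.0.0 255.255.255.0
access-list NONAT extended permit ip 10.2.0.0 255.255.255.0 10.99.0.0 255.255.255.0
"""

EXT_RE = re.compile(r"^access-list (\S+) extended permit ip (\S+) (\S+) (\S+) (\S+)$", re.M)
STD_RE = re.compile(r"^access-list (\S+) standard permit (\S+) (\S+)$", re.M)

def net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}")

def ext_pairs(config, name):
    """(source, destination) networks permitted by the extended ACL `name`."""
    return {(net(s, sm), net(d, dm))
            for n, s, sm, d, dm in EXT_RE.findall(config) if n == name}

def std_nets(config, name):
    """Networks permitted by the standard ACL `name`."""
    return {net(a, m) for n, a, m in STD_RE.findall(config) if n == name}

def audit(dc, site, pool, site_lan):
    """List which of the answer's items are missing from the two configs."""
    pool, site_lan = ipaddress.ip_network(pool), ipaddress.ip_network(site_lan)
    problems = []
    if "same-security-traffic permit intra-interface" not in dc.splitlines():
        problems.append("DC: same-security-traffic permit intra-interface missing")
    if site_lan not in std_nets(dc, "SPLIT_TUNNEL"):
        problems.append("DC: split tunnel ACL lacks site office LAN")
    if (pool, site_lan) not in ext_pairs(dc, "L2L_CRYPTO"):
        problems.append("DC: crypto ACL lacks VPN pool -> site office LAN")
    if (site_lan, pool) not in ext_pairs(site, "L2L_CRYPTO"):
        problems.append("Site: crypto ACL lacks site office LAN -> VPN pool")
    if (site_lan, pool) not in ext_pairs(site, "NONAT"):
        problems.append("Site: NAT exemption ACL lacks site office LAN -> VPN pool")
    return problems
```

An empty list from `audit(DC_CONFIG, SITE_CONFIG, "10.99.0.0/24", "10.2.0.0/24")` means every item on the checklist is present and the crypto ACL entries on the two ASAs mirror each other.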

