Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Highlighted
New Member

AnyConnect VPN connection access site-to-site VPN remote

I need our VPN users to be able to access our remote site (Site-to-Site VPN), there is no problem accessing the main site through the VPN. Both sites crypto map have the VPN pool in the crypto map.

Any ideas?

Here is the config Main Site (ASA5520) Inside 192.168.50.0

access-list crypto_vpn_remote-site extended permit ip 192.168.50.0 255.255.255.0 172.16.1.0 255.255.255.0

access-list crypto_vpn_remote-site extended permit ip 192.168.99.0 255.255.255.0 172.16.1.0 255.255.255.0

access-list inside_nat0_outbound extended permit ip 192.168.50.0 255.255.255.0 172.16.1.0  255.255.255.0

access-list inside_nat0_outbound extended permit ip 192.168.99.0 255.255.255.0 172.16.1.0  255.255.255.0

Remote Site (PIX 515E) Inside 172.16.1.0

access-list crypto_vpn_main-site permit ip 172.16.1.0 255.255.255.0 192.168.50.0 255.255.255.0

access-list crypto_vpn_main-site permit ip 172.16.1.0 255.255.255.0 192.168.99.0 255.255.255.0

access-list nonat permit ip 172.16.1.0 255.255.255.0 192.168.50.0 255.255.255.0

access-list nonat permit ip 172.16.1.0 255.255.255.0 192.168.99.0 255.255.255.0

VPN  (AnnyConnect) 192.168.99.0

Everyone's tags (3)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: AnyConnect VPN connection access site-to-site VPN remote

On the main site, pls make sure you have "same-security-traffic permit intra-interface" enabled.

Also, if you have split tunnel configured, please also make sure that it includes the remote LAN (172.16.1.0/24).

Hope that helps.

2 REPLIES
Cisco Employee

Re: AnyConnect VPN connection access site-to-site VPN remote

On the main site, pls make sure you have "same-security-traffic permit intra-interface" enabled.

Also, if you have split tunnel configured, please also make sure that it includes the remote LAN (172.16.1.0/24).

Hope that helps.

New Member

Re: AnyConnect VPN connection access site-to-site VPN remote

That fixed the issue.

Thanks

1532
Views
0
Helpful
2
Replies
CreatePlease login to create content