Cisco Support Community
New Member

Remote access to LAN2LAN spoke

I have an ASA serving mostly as a data center firewall and as user remote access. I recently added a LAN2LAN IPsec tunnel to a temporary office. But I notice that the remote IPsec tunnel cannot reach the spoke LAN.

So imagine home user with laptop 192.168.1.100 and he creates a split IPsec tunnel to the ASA whereby 10.0.0.0/8 is encrypted/tunneled.

Now off of the ASA is a LAN to LAN tunnel to an office with IP block 10.10.70.0/24. How could the home user reach a device at the remote site on the 10.10.70.0 network? Is this possible?

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Remote access to LAN2LAN spoke

There are multiple examples even on the forums here.

First of all you need to allow U-turn on same interface of ASA (if you terminate crypto on one interface only).

same-security-traffic permit intra-interface

Following this you will need to allow remote-access subnet to go to the remote lan-to-lan subnets.

I'd also suggest to add reverse route injection to avoid routing problems on ASA.

Remember also that the remote l2l device will need to be adjusted (possibly nat, routing and access-list adjustments).

Doc example:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00805734ae.shtml
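
The steps from the answer above, put together as a hub-side ASA configuration sketch. This is an added example, not part of the original post or the linked Cisco document. It assumes the interface name `outside`, a remote-access pool of 172.16.50.0/24, ASA 8.3+ NAT syntax, and the object, ACL and crypto map names and sequence number shown; only 10.10.70.0/24 and the 10.0.0.0/8 split tunnel come from the question.

```cisco
! --- Hub ASA (assumed names and pool are marked; adjust to the real config) ---

! 1. U-turn (hairpin): let traffic enter and leave the same interface.
same-security-traffic permit intra-interface

! Objects for the two ends of the hairpinned flow.
! RA-POOL is an assumed remote-access address pool; SPOKE-LAN is from the question.
object network RA-POOL
 subnet 172.16.50.0 255.255.255.0
object network SPOKE-LAN
 subnet 10.10.70.0 255.255.255.0

! 2. Allow the remote-access subnet to reach the spoke: add it to the
!    crypto ACL of the existing LAN-to-LAN tunnel (ACL name assumed).
!    Keep this entry as narrow as the access actually required.
access-list L2L-SPOKE extended permit ip object RA-POOL object SPOKE-LAN

! 3. NAT exemption for the hairpinned traffic. Only needed when other NAT
!    rules on the outside interface would otherwise translate it.
nat (outside,outside) source static RA-POOL RA-POOL destination static SPOKE-LAN SPOKE-LAN

! 4. Split tunnel: the 10.0.0.0/8 entry from the question already covers
!    10.10.70.0/24, so the client sends spoke traffic into the tunnel.

! 5. Reverse route injection on the LAN-to-LAN crypto map entry
!    (map name and sequence number assumed).
crypto map OUTSIDE-MAP 20 set reverse-route

! --- Spoke device (not shown) ---
! Mirror the crypto ACL entry (SPOKE-LAN -> RA-POOL), exempt that traffic
! from NAT, and make sure the spoke routes the RA pool back into the tunnel.

! --- Verification on the hub ---
! show crypto ipsec sa
!   expect an SA whose local ident is the RA pool and whose remote ident
!   is 10.10.70.0/255.255.255.0 once a VPN client sends traffic to the spoke.
```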
