
Remote Access VPN to L2L Tunnel

I am working with a remote site that has their remote access users terminating on an ASA 7.X device. Between our two locations we have a LAN-to-LAN tunnel for their access to certain servers we host for statistical purposes.

The problem is, their remote access users can't traverse that L2L tunnel. We have included the IPs that those remote access users use while VPNd in, on both sides of the ACLs defining interesting traffic, but they still can't hit our servers.

I am trying to help the distant end on this troubleshoot; so I was wondering if there was any additional configuration on the ASA device that will allow remote access users to turn around and traverse that L2L tunnel. If anyone has any idea where these guys might be going wrong, I would greatly appreciate the help.

Thanks in advance.


Re: Remote Access VPN to L2L Tunnel

Hi,

You have to configure your ASA to do hairpinning (route traffic out of the same interface). This is the command on the ASA:

same-security-traffic permit intra-interface

Plus, you need to add a no nat statement on the ASA wherein the traffic is from your VPN client pool going to the servers network.

You can use this link for your reference:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807f9a89.shtml#newra

Hope this helps...

Cheers,

lapascua
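
An added example, not part of the reply or of Cisco's documentation: a Python script that checks a saved ASA 7.x running-config for the items named in this thread (the intra-interface permit, the VPN client pool in the L2L crypto ACL, and a NAT exemption covering pool-to-server traffic). The ACL names, addresses and function names are constructed placeholders, and only ACEs in `network mask` form are parsed.

```python
import ipaddress
import re

# Matches "access-list NAME extended permit ip SRC SMASK DST DMASK" only;
# "host"/"any"/object-group forms are skipped by this checker.
ACE = re.compile(r"^access-list (\S+) extended permit ip "
                 r"(\d[\d.]+) (\d[\d.]+) (\d[\d.]+) (\d[\d.]+)$")

def acl_entries(config):
    """Map ACL name -> set of (source, destination) networks."""
    acls = {}
    for line in config.splitlines():
        m = ACE.match(line.strip())
        if m:
            name, s_ip, s_mask, d_ip, d_mask = m.groups()
            src = ipaddress.ip_network(f"{s_ip}/{s_mask}", strict=False)
            dst = ipaddress.ip_network(f"{d_ip}/{d_mask}", strict=False)
            acls.setdefault(name, set()).add((src, dst))
    return acls

def covered(entries, src, dst):
    """True if some ACE permits the whole src network to the whole dst network."""
    return any(src.subnet_of(s) and dst.subnet_of(d) for s, d in entries)

def check_hairpin(config, crypto_acl, pool, servers):
    """Report which hairpin prerequisites are present for pool -> servers."""
    pool, servers = ipaddress.ip_network(pool), ipaddress.ip_network(servers)
    acls = acl_entries(config)
    lines = [l.strip() for l in config.splitlines()]
    # ACLs referenced by a NAT exemption ("nat (ifc) 0 access-list NAME")
    nonat = re.findall(r"^nat \(\S+\) 0 access-list (\S+)", config, re.M)
    return {
        "intra_interface": "same-security-traffic permit intra-interface" in lines,
        "crypto_acl": covered(acls.get(crypto_acl, ()), pool, servers),
        "nat_exempt": any(covered(acls.get(n, ()), pool, servers) for n in nonat),
    }

# Constructed sample: the pool (10.99.0.0/24) is in the crypto ACL, as in the
# question, but the hairpin command and the pool's NAT exemption are missing.
SAMPLE = """\
access-list L2L_CRYPTO extended permit ip 10.1.0.0 255.255.255.0 172.16.5.0 255.255.255.0
access-list L2L_CRYPTO extended permit ip 10.99.0.0 255.255.255.0 172.16.5.0 255.255.255.0
access-list NONAT extended permit ip 10.1.0.0 255.255.255.0 172.16.5.0 255.255.255.0
nat (inside) 0 access-list NONAT
crypto map outside_map 20 match address L2L_CRYPTO
"""

if __name__ == "__main__":
    print(check_hairpin(SAMPLE, "L2L_CRYPTO", "10.99.0.0/24", "172.16.5.0/24"))
```

Running the same check against the peer's config with the pool and server networks swapped confirms that its crypto ACL is the mirror image.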
