Cisco Support Community
New Member

Remote Site and Site-to-Site VPN Combination

Hi,

I am trying to design a VPN solution (network diagram attached). The requirement is to allow a remote site VPN user to get into the offshore network, and then that user should access the onsite application through the existing site-to-site tunnel between the onsite and offshore networks.

The remote user can successfully get into the offshore network, but he is not able to access the onsite application through the existing site-to-site VPN tunnel. I checked the PIX firewall logs and they are showing me an error with syslog ID 302014 (Flow is a loopback).

Has anybody worked on such design?

Regards,

Akshay

8 REPLIES

Re: Remote Site and Site-to-Site VPN Combination

What version of IOS is the PIX running? You need 3 things:-

1) Allow the remote VPN IP Subnet in the encryption domain for the site-2-site - both ends

2) Ensure the remote VPN IP subnet is included in the no-nat config.

3) "Same security traffic" is permitted - in PIX IOS ver 7.x/8.x only.

HTH>
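
The three checks listed in the reply above can be run against a saved configuration before changing anything on the firewall. This is an added example, not part of the original thread: the ACL names, crypto map name and addresses in the sample are constructed, and only `access-list ... extended permit ip <net> <mask> <net> <mask>` entries are parsed.

```python
import ipaddress
import re

# Constructed sample config (hypothetical names and addresses, PIX 7.x/8.x syntax).
SAMPLE_CONFIG = """\
same-security-traffic permit intra-interface
access-list S2S extended permit ip 10.10.0.0 255.255.0.0 172.16.0.0 255.255.0.0
access-list NONAT extended permit ip 10.10.0.0 255.255.0.0 172.16.0.0 255.255.0.0
nat (inside) 0 access-list NONAT
crypto map OUTSIDE_MAP 10 match address S2S
"""

ACE = re.compile(r"^access-list (\S+) extended permit ip "
                 r"(\d\S+) (\d\S+) (\d\S+) (\d\S+)\s*$", re.M)

def acl_networks(config):
    """Map ACL name -> networks named on either side of its ACEs.
    Only 'net mask' ACEs are parsed; 'host' and 'any' forms are skipped."""
    acls = {}
    for name, s_ip, s_mask, d_ip, d_mask in ACE.findall(config):
        for ip, mask in ((s_ip, s_mask), (d_ip, d_mask)):
            net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
            acls.setdefault(name, []).append(net)
    return acls

def covered(pool, acl_names, acls):
    """True if the pool falls inside any network of any listed ACL."""
    return any(pool.subnet_of(net) for n in acl_names for net in acls.get(n, []))

def check_hairpin(config, vpn_pool):
    """Report the three requirements from the reply for one VPN pool subnet."""
    pool = ipaddress.ip_network(vpn_pool)
    acls = acl_networks(config)
    # ACLs bound to a crypto map entry define the encryption domain.
    crypto = re.findall(r"^crypto map \S+ \d+ match address (\S+)\s*$", config, re.M)
    # ACLs bound to 'nat (<if>) 0' are the no-NAT (exemption) ACLs.
    nonat = re.findall(r"^nat \(\S+\) 0 access-list (\S+)\s*$", config, re.M)
    return {
        "pool_in_encryption_domain": covered(pool, crypto, acls),
        "pool_in_no_nat": covered(pool, nonat, acls),
        "intra_interface_permitted": bool(re.search(
            r"^same-security-traffic permit intra-interface\s*$", config, re.M)),
    }

if __name__ == "__main__":
    print(check_hairpin(SAMPLE_CONFIG, "10.10.50.0/24"))
```

The reply asks for the encryption domain to match on both ends, so the same check should be run against the peer firewall's configuration as well.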

New Member

Re: Remote Site and Site-to-Site VPN Combination

Thanks for your quick response.

The IP pool which I used for remote VPN users is a part of the internal subnet used in the site-to-site encryption domain. Hence the first two points mentioned by you are covered. I did try 'same-security-traffic permit intra-interface' but that didn't make any difference. I am still getting the same error.

Re: Remote Site and Site-to-Site VPN Combination

What version of software are you running on the PIX/ASA?

New Member

Re: Remote Site and Site-to-Site VPN Combination

PIX ver 8.0(4)28

Re: Remote Site and Site-to-Site VPN Combination

So you have added the config "same-security-traffic permit intra-interface" ??

New Member

Re: Remote Site and Site-to-Site VPN Combination

Yes this command is configured.

Re: Remote Site and Site-to-Site VPN Combination

Post your config for review, remove sensitive information.

New Member

Re: Remote Site and Site-to-Site VPN Combination

Config attached herewith.
