Cisco Support Community
New Member

Remote user connect to another remote who is connected via L2L VPN

Hi,

Is it possible to have a remote user connect to another remote user when they are connected to two ASAs which have a site-to-site VPN? Each user is on either side, and the ASAs are connected via a site-to-site VPN.

I know that you would have to have the packet come in the outside and then leave the outside again (same-security intra, etc.), and that there is no need to NAT the packets.

Thanks

4 REPLIES
Hall of Fame Super Silver

Yes it can be done.

The remote access network (address pool) the users are put into would need to be part of the crypto map ACL. Depending on whether you have allowed split tunneling (not applicable if you prohibit it), you might also need to specify the respective networks the remote users are assigned to in the network list(s) you push out to the remote users' routing tables.

New Member

Hi Marvin,

Thank you, I missed that...

How can I make sure that the network on side B (client) is pushed out to the client on side A, as both remote users are using split tunnelling?

Just found that I need to add the network in the split tunnel ACL, is this correct?

Thanks

Hall of Fame Super Silver

That's correct, use an ACL to specify the desired routes you push to the client and refer your group policy to it.

Cisco has a configuration guide here that covers just that case. See the instructions under "4. Configure Group Policy".

You can verify the routing is working by checking the Details page of the AnyConnect client once connected. It has a tab that shows, among other things, the routes it is pushing to the client. You can also check your host routing tables - e.g. 'route print' under Windows command line.
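The pieces discussed in this thread, put together as an added example that is not part of the original posts or of the Cisco guide. All addresses, ACL names and group-policy names are constructed assumptions: ASA-A hands out 10.10.10.0/24 to its remote users, ASA-B hands out 10.20.20.0/24, and each ASA already has a working L2L tunnel whose crypto map references the ACL shown.

```cisco
! ===== ASA-A (remote-access pool 10.10.10.0/24, constructed) =====

! Allow traffic to enter and leave the same interface (outside -> outside)
same-security-traffic permit intra-interface

! Add the two remote-access pools to the ACL already referenced by the
! L2L crypto map entry (ACL name L2L_TO_B is an assumption)
access-list L2L_TO_B extended permit ip 10.10.10.0 255.255.255.0 10.20.20.0 255.255.255.0

! Split-tunnel list: push the far side's pool to ASA-A's clients
access-list SPLIT_A standard permit 10.20.20.0 255.255.255.0

! Point the group policy at that list (policy name is an assumption)
group-policy RA_POLICY_A attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_A

! ===== ASA-B (remote-access pool 10.20.20.0/24, constructed) =====

same-security-traffic permit intra-interface

! Mirror image of ASA-A's crypto ACL entry
access-list L2L_TO_A extended permit ip 10.20.20.0 255.255.255.0 10.10.10.0 255.255.255.0

! Push ASA-A's pool to ASA-B's clients
access-list SPLIT_B standard permit 10.10.10.0 255.255.255.0

group-policy RA_POLICY_B attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_B
```

With this in place, a client connected to ASA-A should show 10.20.20.0/24 among its secured routes in the AnyConnect details and in `route print`. The two pools must not overlap for the crypto ACL entries and pushed routes to be unambiguous.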

New Member

Thanks,

I have just noticed that both remote users on each side are on the same subnet, how would I overcome this NAT?
