12-09-2011 11:07 PM
The issue I am having is that I have an ASA that provides LAN to LAN VPN and remote access VPN. The LAN to LAN VPN connects to another network where a remote server is located, and the remote VPN connects remote users to the local network. Both VPNs currently work; however, remote users connecting via the remote access VPN cannot connect to the server on the other side of the LAN to LAN VPN. Below is our setup.
server --- ASA ---- LAN to LAN VPN ------ ASA---- Local LAN
                                           |
                                           |
                                   Remote Access VPN
                                           |
                                           |
                                     Remote Users
In this setup the remote users can access the local LAN, the server can access the local LAN, and the local LAN can access both the server and the remote users. However, the server cannot access the remote users and the remote users cannot access the server. Any ideas on how to get this to work would be deeply appreciated. I have created the NAT rules I believe were necessary and added the needed address so that the remote VPN users' client application lists the network on the other side of the LAN to LAN VPN as a routable network. Also, I believe all access rules are correct, as packet tracers on both sides are successful. However, when you try to ping across from the remote client to the server at the other end of the L2L it fails, as do other attempts to access the server, like RDP. Does anybody have a step-by-step on how to set up this type of configuration, with remote VPN and L2L configured on the same ASA while allowing both VPNs to talk to each other? By the way, both ASAs are 5505s; the one with two VPNs in this setup is 8.2 and the one on the other end of the L2L is 7.2. Any help would be appreciated, especially a tutorial or list of commands needed to set this up, as I believe I am probably just missing some small additional configuration; I just can't figure it out.
12-10-2011 09:52 AM
Use your favourite search engine for "same-security-traffic permit intra-interface"
Sent from Cisco Technical Support iPad App
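The hairpin setup the answer points to, as an added configuration sketch that is not part of the original posts. All addresses (local LAN 192.168.1.0/24, remote-access pool 10.10.10.0/24, server network 192.168.2.0/24, server 192.168.2.10) and all ACL, crypto map and group-policy names are constructed for illustration.

```cisco
! ===== ASA with both VPNs (8.2), both tunnels terminate on "outside" =====
! Let traffic enter and leave the same interface (RA tunnel -> L2L tunnel)
same-security-traffic permit intra-interface

! The L2L crypto ACL must cover the RA pool as well as the local LAN
access-list L2L_CRYPTO extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list L2L_CRYPTO extended permit ip 10.10.10.0 255.255.255.0 192.168.2.0 255.255.255.0
crypto map outside_map 10 match address L2L_CRYPTO

! Split-tunnel list so clients route the server network into the tunnel
access-list RA_SPLIT standard permit 192.168.1.0 255.255.255.0
access-list RA_SPLIT standard permit 192.168.2.0 255.255.255.0

! VPN traffic bypasses interface ACLs by default (sysopt connection permit-vpn),
! so restrict the hairpinned path with a vpn-filter (source = RA pool).
access-list RA_FILTER extended permit ip 10.10.10.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list RA_FILTER extended permit tcp 10.10.10.0 255.255.255.0 host 192.168.2.10 eq 3389
access-list RA_FILTER extended permit icmp 10.10.10.0 255.255.255.0 host 192.168.2.10

group-policy RA_POLICY attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value RA_SPLIT
 vpn-filter value RA_FILTER

! Only needed if a NAT rule on "outside" (or nat-control) would otherwise
! catch the pool's traffic: exempt pool -> server network from translation
access-list OUTSIDE_NAT0 extended permit ip 10.10.10.0 255.255.255.0 192.168.2.0 255.255.255.0
nat (outside) 0 access-list OUTSIDE_NAT0

! ===== Far-end ASA (7.2), in front of the server =====
! Mirror the crypto ACL and exempt return traffic to the RA pool from NAT
access-list L2L_CRYPTO extended permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list L2L_CRYPTO extended permit ip 192.168.2.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list INSIDE_NAT0 extended permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list INSIDE_NAT0 extended permit ip 192.168.2.0 255.255.255.0 10.10.10.0 255.255.255.0
nat (inside) 0 access-list INSIDE_NAT0
```

The crypto ACLs on the two ASAs have to stay exact mirrors of each other, otherwise the security association for the pool's traffic will not come up even with intra-interface forwarding enabled.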
12-10-2011 08:20 PM
Thank you so much, that was exactly what it was. I knew I was missing some small step that was causing this issue, but in trying to resolve it I did end up perfecting my settings for routes and NAT. Thank you Andrew Prince!!!
12-11-2011 02:34 AM
ha ha ha that is perfect then, glad to help.
Sent from Cisco Technical Support iPad App