Remote VPN to LAN to LAN VPN issues

pc2g2btru
Level 1

The issue I am having is that I have an ASA that provides LAN to LAN VPN and remote access VPN.  The LAN to LAN VPN connects to another network where a remote server is located, and the remote VPN connects remote users to the local network.  Both VPNs currently work; however, remote users connecting via the remote access VPN cannot connect to the server on the other side of the LAN to LAN VPN.  Below is our setup.


server  --- ASA ---- LAN to LAN VPN ------ ASA ---- Local LAN
                                            |
                                            |
                                    Remote Access VPN
                                            |
                                            |
                                       Remote Users


In this setup the remote users can access the local LAN, the server can access the local LAN, and the local LAN can access both the server and the remote users.  However, the server cannot access the remote users and the remote users cannot access the server.  Any ideas on how to get this to work would be deeply appreciated.  I have created the NAT rules I believe were necessary and added the needed address so that the remote VPN users' client application lists the network on the other side of the LAN to LAN VPN as a routable network.  Also, I believe all access rules are correct, as packet tracers on both sides are successful.  However, when you try to ping across from the remote client to the server at the other end of the L2L it fails, as do other attempts to access the server like RDP.  Does anybody have a step-by-step on how to set up this type of configuration, remote VPN and L2L configured on the same ASA while allowing both VPNs to talk to each other?  By the way, both ASAs are 5505; the one with two VPNs in this setup is 8.2 and the one on the other end of the L2L is 7.2.  Any help would be appreciated, especially a tutorial or list of commands needed to set this up, as I believe I am probably just missing some small additional configuration; I just can't figure it out.

Accepted Solutions

andrew.prince
Level 10

Use your favourite search engine for "same-security-traffic permit intra-interface"

Sent from Cisco Technical Support iPad App

Thank you so much, that was exactly what it was. I knew I was missing some small step that was causing this issue, but in trying to resolve it I did end up perfecting my settings for routes and NAT.  Thank you Andrew Prince!!!

ha ha ha that is perfect then, glad to help.

Sent from Cisco Technical Support iPad App
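
The pieces this thread touches on (the intra-interface command from the accepted answer, plus the crypto ACL, NAT exemption and split-tunnel entries the original poster mentions), collected as an added example that is not taken from either poster's configuration. All subnets, the server address, and the ACL, crypto map and group-policy names are constructed placeholders: 192.168.1.0/24 is the local LAN, 192.168.50.0/24 the remote access pool, 192.168.2.0/24 the server LAN.

```cisco
! ===== ASA with both VPNs (8.2, pre-8.3 NAT syntax) =====
! Let traffic enter and leave the same interface, so remote access
! clients arriving on outside can be sent back out into the L2L tunnel.
same-security-traffic permit intra-interface

! L2L crypto ACL: the RA pool must be interesting traffic too,
! not only the local LAN.
access-list L2L_CRYPTO extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list L2L_CRYPTO extended permit ip 192.168.50.0 255.255.255.0 192.168.2.0 255.255.255.0
crypto map OUTSIDE_MAP 10 match address L2L_CRYPTO

! Needed only when a "nat (outside)" rule would otherwise translate
! the pool: exempt pool-to-server traffic from NAT.
access-list OUTSIDE_NAT0 extended permit ip 192.168.50.0 255.255.255.0 192.168.2.0 255.255.255.0
nat (outside) 0 access-list OUTSIDE_NAT0

! Split tunnelling: the client must route the server LAN into the tunnel.
access-list RA_SPLIT standard permit 192.168.1.0 255.255.255.0
access-list RA_SPLIT standard permit 192.168.2.0 255.255.255.0

! Optional least-privilege filter: pool keeps local LAN access but
! reaches only RDP on one server (192.168.2.10 is a placeholder).
access-list RA_FILTER extended permit ip 192.168.50.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list RA_FILTER extended permit tcp 192.168.50.0 255.255.255.0 host 192.168.2.10 eq 3389

group-policy RA_POLICY attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value RA_SPLIT
 vpn-filter value RA_FILTER

! ===== ASA in front of the server (7.2) =====
! Mirror of the crypto ACL above, including the RA pool.
access-list L2L_CRYPTO extended permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list L2L_CRYPTO extended permit ip 192.168.2.0 255.255.255.0 192.168.50.0 255.255.255.0
crypto map OUTSIDE_MAP 10 match address L2L_CRYPTO

! Replies from the server to the pool must not be translated.
access-list INSIDE_NAT0 extended permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list INSIDE_NAT0 extended permit ip 192.168.2.0 255.255.255.0 192.168.50.0 255.255.255.0
nat (inside) 0 access-list INSIDE_NAT0
```

After applying, `show crypto ipsec sa` on either ASA should list a security association for the pool-to-server-LAN pair with encaps and decaps counters both increasing during a ping. With `RA_FILTER` applied as written, ICMP from the pool to the server is dropped, so test with RDP or add an ICMP permit for the duration of the test.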