Cisco Support Community

Remote VPN using Site 2 Site VPN

Hello everyone,

I have 2 ASA 5505 firewalls, with a Site 2 Site VPN working between the two firewalls. I attached a Visio diagram for my scenario. I configured an IPsec Remote VPN on the ASA-01 firewall; a user is able to connect to the ASA-01 network via modem through the remote VPN. As I configured a site 2 site VPN between the two ASAs, is it possible for a user to connect to ASA-02 through the remote VPN?

Thank you,

1 ACCEPTED SOLUTION


3 things. You must allow traffic to enter/exit the same interface at ASA-01

same-security-traffic permit intra-interface

You must then add the new traffic to the existing ACLs for the LAN-to-LAN VPN. If the ASA-02 network is 192.168.2.0/24 and the VPN client network is 192.168.10.0/24, it would look like this.

ASA-01

access-list xxx extended permit ip 192.168.10.0 255.255.255.0 192.168.2.0 255.255.255.0

ASA-02

access-list xxx extended permit ip 192.168.2.0 255.255.255.0 192.168.10.0 255.255.255.0

and also the nat 0 at ASA-02

access-list nat0 extended permit ip 192.168.2.0 255.255.255.0 192.168.10.0 255.255.255.0

nat (inside) 0 access-list nat0

2 REPLIES

Hi Abhishek,

Never done that before. Why don't you just RA VPN to ASA02?

I think it can be done with hairpinning though, but I've never done/tested it yet...

HTH,

Vikram
