Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

using remote clinet access site to site network

hi friends,

here is my scenario,

i have site to site tunnel between dubaidata center  to india, from dubai datacenter to dubai office leased line is there so i can communicate with india network also via leasedline through vpn

now i am configuring remoteclient in dubai datacenter asa , and i am connecting from my dubai office to dubai dc through remote client ,is it possible i can access india network through this remote client because my leased line in down between dubai office to dubai dc.

give me sugg ASAP

thanks

6 REPLIES
Green

Re: using remote clinet access site to site network

So you want to remote vpn into dubai data center then take the vpn tunnel to india?

You need to add this traffic to your crypto acl's for the site to site tunnel and allow intra-interface traffic on dubai data center ASA.

dubai dc ASA

same-security-traffic permit intra-interface

access-list extended permit ip

india ASA

access-list extended permit ip

access-list extended permit ip

Also, if you are split tunneling at dubai dc, make sure you add the india network to the split tunnel acl.

New Member

Re: using remote clinet access site to site network

hi,

i tried what you are given to me still no

data center:

access-list vpn-aldafra extended permit ip 10.83.32.0 255.255.255.0 10.83.38.0 2
55.255.255.0
access-list vpn-aldafra extended permit ip 192.168.80.0 255.255.255.0 10.83.38.0
255.255.255.0

India:

ip access-list extended VPN
permit ip 10.83.38.0 0.0.0.255 10.83.32.0 0.0.0.255
permit ip 10.83.38.0 0.0.0.255 192.168.80.0 0.0.0.255
ip access-list extended internet
deny   ip 10.83.38.0 0.0.0.255 10.83.32.0 0.0.0.255
deny   ip 10.83.38.0 0.0.0.255 192.168.80.0 0.0.0.255
permit ip 10.83.38.0 0.0.0.255 any

10.83.32.0--dc

10.83.38.0 -- india

192.168.80.0 ---remote

thanks

cyril

New Member

Re: using remote clinet access site to site network

hi,

i am able to access the site to site network ,

but once i connected the vpn client i got one IP from VPN pool ip.

once ip ping the ip from other side then only i can able to success

Super Bronze

Re: using remote clinet access site to site network

If you have split tunnel configured, you also need to include india LAN (10.83.38.0/24).

New Member

Re: using remote clinet access site to site network

i added in split tunnel already,

what happening you know ,

foreaxmple i am getting 192.168.80.107 ip once i connected through client

then i need to ping from india to this ip then only the communication happening

thanks

Super Bronze

Re: using remote clinet access site to site network

Do you have CBAC configured on India router? Any access-list configured on the outside interface? Can you share the India router config?

472
Views
0
Helpful
6
Replies