
vpn client to site2site networks asa 8.3

I can't tell which access list rule I have wrong or missing here.

My client VPN is solid and so is my site2site. However, I'd like to be able to access the .25 network via the VPN connection I make with my ASA.

The ASA has site to site with a SonicWall which I have set up to access the 41, 42, and 43 networks on the ASA site.

Config attached. Many thanks for help with this.


Re: vpn client to site2site networks asa 8.3

Hi,

The configuration seems fine.

In order to access the remote Site-to-Site subnet via the VPN client connection to the ASA you should include the remote subnet in the split-tunneling rule and also the VPN pool in the Site-to-Site traffic (and have the NAT config in order).

I think you're missing this command:

same-security-traffic permit intra-interface

This permits communication in and out of the same interface (so the VPN client traffic terminates on the outside and can be redirected via the outside to the Site-to-Site tunnel).

The command you currently have is this:

same-security-traffic permit inter-interface

But this one is to allow communication between interfaces with the same security level.

If it still does not work, check with sh cry ips sa if there's an SA being built with the Site-to-Site that includes the VPN client traffic pool.

Federico.
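
The pieces listed in the reply above, put together as an added ASA 8.3 configuration example (not part of the original thread and not taken from the poster's attached config). Both subnets are constructed documentation ranges, and the ACL, object, group-policy and crypto-map names are hypothetical placeholders; the NAT rule shown is one common way to keep "the NAT config in order".

```cisco
! Constructed placeholders: 192.0.2.0/24 = VPN client pool,
! 198.51.100.0/24 = subnet behind the site-to-site peer.
! RA-POLICY, SPLIT-TUNNEL, S2S-CRYPTO, OUTSIDE-MAP and the OBJ-* names are hypothetical.

! 1. Let traffic enter and leave the same interface (client -> outside -> tunnel).
same-security-traffic permit intra-interface

! 2. Send the remote subnet down the client tunnel (split tunneling).
access-list SPLIT-TUNNEL standard permit 198.51.100.0 255.255.255.0
group-policy RA-POLICY attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-TUNNEL

! 3. Add pool -> remote subnet to the site-to-site interesting traffic.
!    The peer needs the mirror-image entry or no SA is negotiated for it.
access-list S2S-CRYPTO extended permit ip 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0
crypto map OUTSIDE-MAP 10 match address S2S-CRYPTO

! 4. Exempt the hairpinned flow from translation (8.3 twice-NAT identity rule).
object network OBJ-VPN-POOL
 subnet 192.0.2.0 255.255.255.0
object network OBJ-REMOTE-LAN
 subnet 198.51.100.0 255.255.255.0
nat (outside,outside) source static OBJ-VPN-POOL OBJ-VPN-POOL destination static OBJ-REMOTE-LAN OBJ-REMOTE-LAN

! 5. Verify: look for an SA whose local ident is the pool and remote ident is the peer subnet.
show crypto ipsec sa
```

The intra-interface command is global, so keep the split-tunnel and crypto ACL entries scoped to the specific subnets rather than widening them. If clients should reach only part of the remote site, a vpn-filter on the group policy is the place to restrict it.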
