Cisco Support Community
New Member

VPN Site-Site issue via VPN client

Hi,

Currently I need to connect to a remote server via VPN client.

How can I proceed with the below setup?

Thanks

  VPN client ----> ASA (192.168.1.1) <----site-site ---> ASA (192.168.2.1) -----> Server (192.168.2.100)

1 REPLY
Cisco Employee

Re: VPN Site-Site issue via VPN client

Are you trying to remote access (VPN Client) to ASA (192.168.1.1), then access resources off the Site-to-Site VPN tunnel on the 192.168.2.100 server?

If that is what you are trying to do, you would need to configure the following:

- Add the remote access IP pool subnet to the crypto ACL of your site-to-site VPN.

- Add the remote subnet (192.168.2.0/24) to your split tunnel ACL if you configure a split tunnel policy for your remote access VPN client.

- Configure "same-security-traffic permit intra-interface" on the 192.168.1.1 ASA.

- Assuming there is no NAT statement on the 192.168.1.1 ASA outside interface, then you would only need to configure NAT exemption on the remote ASA for traffic between the remote LAN subnet and the IP pool subnet.

Hope that helps.
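
The four items in the reply above, written out as ASA configuration. This is an added example, not part of the original thread. It assumes a client pool of 192.168.10.0/24, the names VPNPOOL, S2S_CRYPTO, SPLIT_TUNNEL, RA_POLICY, REMOTE_LAN and RA_POOL, the interface names inside/outside, and software 8.3 or later for the NAT syntax; none of these appear in the thread.

```text
! Added example, not from the original thread.
! Assumed values: pool 192.168.10.0/24, all ACL/object/policy names,
! interface names inside/outside. Substitute the names already in use.

! ===== ASA 192.168.1.1 (terminates the VPN client and the tunnel) =====
ip local pool VPNPOOL 192.168.10.1-192.168.10.254 mask 255.255.255.0

! Pool -> remote LAN becomes interesting traffic for the site-to-site tunnel.
! S2S_CRYPTO stands for the ACL already referenced by the existing crypto map.
access-list S2S_CRYPTO extended permit ip 192.168.10.0 255.255.255.0 192.168.2.0 255.255.255.0

! Only when split tunneling is in use: the client must send 192.168.2.0/24
! into its tunnel, otherwise that traffic leaves via the client's local gateway.
access-list SPLIT_TUNNEL standard permit 192.168.2.0 255.255.255.0
group-policy RA_POLICY attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL

! Client traffic arrives on outside and leaves on outside (hairpin).
same-security-traffic permit intra-interface

! ===== ASA 192.168.2.1 (remote site) =====
! Crypto ACLs must mirror each other, so the remote peer needs the reverse entry.
access-list S2S_CRYPTO extended permit ip 192.168.2.0 255.255.255.0 192.168.10.0 255.255.255.0

! NAT exemption between the remote LAN and the client pool (8.3+ syntax).
object network REMOTE_LAN
 subnet 192.168.2.0 255.255.255.0
object network RA_POOL
 subnet 192.168.10.0 255.255.255.0
nat (inside,outside) source static REMOTE_LAN REMOTE_LAN destination static RA_POOL RA_POOL
```

With a client connected and traffic sent to 192.168.2.100, `show crypto ipsec sa` on either ASA should list a security association for the 192.168.10.0/24 and 192.168.2.0/24 pair with encaps and decaps counters increasing.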
