Trying to figure out how to configure the VPN client side to access a remote lan.
Lan A - 172.16.17.0 - ASA5505 8.2(3)
Lan B - 188.8.131.52 - ASA5510
Cisco Client - V5
At present there exists a VPN tunnel between Lan A and Lan B. The client has a VPN tunnel to Lan A to run software package X on the Lan A server. The client also needs to run software package Y, which needs access to a database on Lan B. The computers on Lan A have no problem using package Y since a VPN tunnel exists between Lan A and Lan B. How can I get the Client to also access Lan B on the same tunnel created when the client connects to Lan A? I can't seem to get packets that are directed to Lan B to cross the Client tunnel to A, which would then hopefully move onto the Lan A / Lan B tunnel.
First you need to determine whether the VPN Client pool network can be visible with its original address to the remote site LAN B (no overlaps between the pool and the LAN B local networks).
If there is no problem, you will have to configure a NAT0 / NAT Exempt configuration on the outside interface of the LAN A ASA to tell it that traffic coming from the VPN Pool network towards the LAN B network will not be NATed:
access-list NONAT-OUTSIDE permit ip
nat (outside) 0 access-list NONAT-OUTSIDE
So this should handle that the traffic from VPN Client user towards LAN B would be visible to LAN B with its original IP address.
You will also need to add the traffic between these networks to the configuration of the L2L VPN (between LAN A and LAN B) so the VPN Clients' traffic gets forwarded to the L2L VPN between the actual LANs.
The configuration should look something like this:
crypto map match address
The above ACL has to have a line in it for the traffic between the vpnpool network and the lanb network:
access-list L2L-VPN-ENCRYPTIONDOMAIN permit ip
All the above configurations would also need to be on the LAN B VPN device firewall for the connections to work (mirror images, of course, looking from LAN B to LAN A).
Since you haven't posted any configurations I don't know what other things might be missing.
access-list inside_outbound_nat0_acl extended permit ip A-LAN 255.255.255.0 object-group B-Lan-Grp
access-list inside_outbound_nat0_acl extended permit ip interface inside object-group B-Lan-Grp
access-list outside_cryptomap_80 extended permit ip A-LAN 255.255.255.0 object-group B-Lan-Grp
access-list RemoteUser_splitTunnelAcl extended permit ip A-LAN 255.255.255.0 any
access-list outside_1_cryptomap extended permit ip interface inside object-group B-Lan-Grp
access-list outside_cryptomap_dyn_20 extended permit ip any A-LAN 255.255.255.0
access-list outside_cryptomap_dyn_95 extended permit ip any object-group B-Lan-Grp
ip local pool RemoteClient 172.16.17.175-172.16.17.180 mask 255.255.255.0
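An added check (example code, not from the thread and not Cisco's) that applies the two conditions from the answer above to an ASA 8.2-style config: it parses the network object-groups, the `permit ip` ACL entries and the local pool, then reports whether the pool overlaps LAN B and whether pool-to-LAN B traffic is matched by both the NAT-exempt ACL and the crypto-map ACL. The sample config is constructed, modelled on the lines posted above; the object-group members are an assumption since the thread does not show them.

```python
import ipaddress

# Constructed sample in ASA 8.2 syntax, modelled on the thread's posted lines.
SAMPLE_CONFIG = """\
object-group network B-Lan-Grp
 network-object 188.8.131.0 255.255.255.0
access-list inside_outbound_nat0_acl extended permit ip 172.16.17.0 255.255.255.0 object-group B-Lan-Grp
access-list outside_cryptomap_80 extended permit ip 172.16.17.0 255.255.255.0 object-group B-Lan-Grp
ip local pool RemoteClient 172.16.17.175-172.16.17.180 mask 255.255.255.0
"""

def _endpoint(tok, groups):
    """Parse one ACL source/destination; return (networks, remaining tokens)."""
    if tok[0] == "any":
        return [ipaddress.ip_network("0.0.0.0/0")], tok[1:]
    if tok[0] == "object-group":
        return list(groups.get(tok[1], [])), tok[2:]
    if tok[0] == "interface":  # interface-address form cannot be resolved offline
        return [], tok[2:]
    return [ipaddress.ip_network(f"{tok[0]}/{tok[1]}", strict=False)], tok[2:]

def parse_config(text):
    """Collect network object-groups, 'permit ip' ACL entries and local pools."""
    groups, acls, pools, cur = {}, {}, {}, None
    for line in text.splitlines():
        t = line.split()
        if line.startswith(" ") and t[:1] == ["network-object"] and cur is not None:
            cur.append(ipaddress.ip_network(f"{t[1]}/{t[2]}", strict=False))
        elif t[:2] == ["object-group", "network"]:
            cur = groups.setdefault(t[2], [])
        elif t[:1] == ["access-list"] and t[2:5] == ["extended", "permit", "ip"]:
            src, rest = _endpoint(t[5:], groups)
            acls.setdefault(t[1], []).append((src, _endpoint(rest, groups)[0]))
        elif t[:3] == ["ip", "local", "pool"]:
            lo, hi = (ipaddress.ip_address(a) for a in t[4].split("-"))
            pools[t[3]] = list(ipaddress.summarize_address_range(lo, hi))
    return groups, acls, pools

def check_pool_path(config, pool, lanb_group, nat0_acl, crypto_acl):
    """Apply the answer's two conditions: the pool must not overlap LAN B, and
    pool -> LAN B must be matched by both the NAT-exempt and the crypto-map ACL."""
    groups, acls, pools = parse_config(config)
    pool_nets, lanb_nets = pools[pool], groups[lanb_group]

    def covered(acl_name):
        return all(any(any(p.subnet_of(s) for s in src) and any(b.subnet_of(d) for d in dst)
                       for src, dst in acls.get(acl_name, []))
                   for p in pool_nets for b in lanb_nets)

    return {"overlap": any(p.overlaps(b) for p in pool_nets for b in lanb_nets),
            "nat0_covered": covered(nat0_acl), "crypto_covered": covered(crypto_acl)}
```

Because the posted pool sits inside the 172.16.17.0/24 LAN A range, the existing A-LAN entries already match pool addresses; swap in a pool from another range to see the check fail.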