ASA Remote VPN access to second office site

I am guessing this is a simple answer to a simple question. I currently have an ASA firewall at my remote datacenter, which has remote VPN clients dialed into it. At my office, I have a Netscreen 25 with a site to site VPN setup between the ASA at the datacenter, and the office. So, lets say this:

Remote Clients:

I am able to traverse the VPN between the two sites, from servers on the inside interface of the ASA's, and servers/workstations on the inside interface of the office. What I am having a problem with, is remote clients using the Cisco VPN client, connecting to the VPN on the ASA, can not access servers at the office, through the site to site VPN. Is this even possible?
Who is Participating?
theeterConnect With a Mentor Commented:
Yes it's possible. You have to add the interesting traffic to your crypto acls on the ASA and the Netscreen.

For example you would have to add this to your ASA...

access-list <crypto_acl> extended permit ip
Pete LongTechnical ConsultantCommented:
Cisco Hair pinning

To VPN into a security appliance (Cisco PIX or ASA) then come back out of that appliance to another site via VPN is called hair pinning. To do it you need a PIX/ASA that is running version 7.0(1) or above. That means you cannot do it on a PIX 501 or 506E.
To enable this on your firewall simply add the following line

same-security-traffic permit intra-interface
malken00Author Commented:
Already have that line in there... :(

The ASA is v8.0(2)
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.