Cisco VPN client cannot reach other remote networks through tunnel

Hi all,

I have a Cisco ASA5510 firewall running v7.0(7) which has a Lan 2 Lan VPN with our American office. All users on both Lans can access resources on the other Lan fine.

We also have roaming users who connect to our office via Cisco VPN client software and they can access all our local network resources fine.

However, the roaming users cannot access the American resources, i.e. they connect to our office but cannot then continue through the Lan 2 Lan VPN successfully. They get correct DNS resolution of the American resources. The roaming VPN has split tunneling enabled; I tried disabling this but it made no change, except blocking any internet access they had.

Is this a limitation of the ASA or is there a config that I'm overlooking?

Many thanks,

Alasdair Barclay
 
Pete Long (Consultant) Commented:
You need to enable hair pinning.


To VPN into a security appliance (Cisco PIX or ASA) then come back out of that appliance to another site via VPN is called hair pinning. To do it you need a PIX/ASA that is running version 7.0(1) or above - which you do.
To enable this on your firewall simply add the following line:

same-security-traffic permit intra-interface
 
Alasdairb (Author) Commented:
Perfect answer and easy to implement - thanks!
 
Pete LongConsultantCommented:
ThanQ :)