Solved

Cisco VPN client cannot reach other remote networks through tunnel

Posted on 2008-10-14
Last Modified: 2012-05-05
Hi all,

I have a Cisco ASA5510 firewall running v7.0(7) which has a LAN-to-LAN VPN with our American office. All users on both LANs can access resources on the other LAN fine.

We also have roaming users who connect to our office via Cisco VPN client software and they can access all our local network resources fine.

However, the roaming users cannot access the American resources, i.e. they connect to our office but cannot then continue through the LAN-to-LAN VPN successfully. They get correct DNS resolution of the American resources. The roaming VPN has split tunneling enabled; I tried disabling this but it made no change, except blocking any internet access they had.

Is this a limitation of the ASA or is there a config that I'm overlooking?

Many thanks,

Alasdair Barclay
Question by:Alasdairb
LVL 57

Accepted Solution

by:
Pete Long earned 250 total points
ID: 22711174
You need to enable hair pinning.

To VPN into a security appliance (Cisco PIX or ASA) then come back out of that appliance to another site via VPN is called hair pinning. To do it you need a PIX/ASA that is running version 7.0(1) or above - which you do.
To enable this on your firewall simply add the following line:

same-security-traffic permit intra-interface

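An added example, not part of the original answer or of any Cisco tooling: a small audit that checks a saved ASA running-config for the hairpin line from the accepted answer. It goes beyond the answer by also checking two settings that hairpinned client traffic depends on in general ASA behaviour: a LAN-to-LAN crypto ACL entry covering the client pool, and a split-tunnel list that includes the remote LAN. The config excerpt, ACL names and addresses are constructed placeholders, and only plain network/mask ACL entries are parsed.

```python
import ipaddress
import re

IP = r"(\d+\.\d+\.\d+\.\d+)"
EXT = re.compile(rf"access-list (\S+) extended permit ip {IP} {IP} {IP} {IP}$")
STD = re.compile(rf"access-list (\S+) standard permit {IP} {IP}$")
HAIRPIN = "same-security-traffic permit intra-interface"

# Constructed ASA 7.x excerpt, not the poster's config; names and addresses are placeholders.
SAMPLE_CONFIG = """\
access-list L2L_US extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list SPLIT standard permit 10.1.1.0 255.255.255.0
group-policy ROAMING attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT
crypto map OUTSIDE_MAP 10 match address L2L_US
"""

def net(addr, mask):
    # ASA writes networks as "address netmask"; tolerate host bits being set.
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def audit_hairpin(config, pool, remote):
    """Return findings for a client pool that must reach `remote` over the L2L tunnel."""
    pool, remote = ipaddress.ip_network(pool), ipaddress.ip_network(remote)
    lines = [ln.strip() for ln in config.splitlines()]
    ext, std = {}, {}  # ACL name -> permitted (src, dst) pairs / permitted networks
    for ln in lines:
        if m := EXT.match(ln):
            ext.setdefault(m[1], []).append((net(m[2], m[3]), net(m[4], m[5])))
        elif m := STD.match(ln):
            std.setdefault(m[1], []).append(net(m[2], m[3]))
    findings = []
    if HAIRPIN not in lines:
        findings.append(f"hairpin disabled: add '{HAIRPIN}'")
    # The L2L crypto ACL has to list pool -> remote LAN as traffic to encrypt.
    crypto = [ln.split()[-1] for ln in lines if re.match(r"crypto map \S+ \d+ match address ", ln)]
    if not any(pool.subnet_of(s) and remote.subnet_of(d)
               for name in crypto for s, d in ext.get(name, [])):
        findings.append("no crypto ACL entry permits pool -> remote LAN")
    # With split tunneling, clients only send the listed networks into the tunnel.
    if "split-tunnel-policy tunnelspecified" in lines:
        split = [ln.split()[-1] for ln in lines if ln.startswith("split-tunnel-network-list value ")]
        if not any(remote.subnet_of(n) for name in split for n in std.get(name, [])):
            findings.append("split-tunnel list omits remote LAN")
    return findings
```
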
Author Closing Comment

by:Alasdairb
ID: 31505854
Perfect answer and easy to implement - thanks!
LVL 57

Expert Comment

by:Pete Long
ID: 22719564
ThanQ :)