Solved

VPN client access to remote VPN sites

Posted on 2011-09-29
Last Modified: 2012-05-12
Hi,

I have a Cisco ASA that has a site-to-site tunnel built to a remote site.

I want my VPN client pool to have access to my ASA's network and to the remote sites.

However, I do not have access to the remote site's firewall. Is it possible to still have access without the remote sites modifying their access lists to allow my VPN client pool?

Thanks
Question by:Dan560
Expert Comment

by:Istvan Kalmar
Hi,

It is possible; you need to configure hairpinning:

http://www.petenetlive.com/KB/Article/0000040.htm

Best regards,
Istvan

Accepted Solution

by:
Ernie Beek earned 500 total points
Even with hairpinning you need to make some changes to the remote firewall so that it 'knows' that traffic to the range of the client pool must enter the VPN and be exempted from NAT.
So the answer is: no, you need to do some modifications on the remote side (site) as well.
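
The two halves of that answer as an added configuration sketch (not posted by anyone in this thread). Assumptions: both peers are ASAs running 8.3 or later, the tunnel terminates on `outside`, and every address, object name and ACL name below is constructed for illustration.

```cisco
! ---- Local ASA (the side the asker controls) ----
! Constructed addressing: local LAN 10.1.0.0/24, VPN client pool 10.1.50.0/24,
! remote LAN 10.2.0.0/24.

! Hairpin: let client traffic enter and leave the same (outside) interface.
same-security-traffic permit intra-interface

object network OBJ-VPN-POOL
 subnet 10.1.50.0 255.255.255.0
object network OBJ-REMOTE-LAN
 subnet 10.2.0.0 255.255.255.0

! Add pool -> remote LAN to the existing site-to-site crypto ACL
! (S2S-CRYPTO is an assumed name for the ACL already bound to the crypto map).
access-list S2S-CRYPTO extended permit ip 10.1.50.0 255.255.255.0 10.2.0.0 255.255.255.0

! Exempt the hairpinned traffic from NAT (identity twice-NAT, outside to outside).
nat (outside,outside) source static OBJ-VPN-POOL OBJ-VPN-POOL destination static OBJ-REMOTE-LAN OBJ-REMOTE-LAN

! If the clients use split tunnelling, the remote LAN must be in the split list
! (SPLIT-TUNNEL is an assumed name for the existing standard ACL).
access-list SPLIT-TUNNEL standard permit 10.2.0.0 255.255.255.0

! ---- Remote ASA (the side the asker cannot change) ----
! Without these mirror entries the remote peer has no matching proxy identity
! for the pool and will not send return traffic for 10.1.50.0/24 into the tunnel.

object network OBJ-REMOTE-LAN
 subnet 10.2.0.0 255.255.255.0
object network OBJ-VPN-POOL
 subnet 10.1.50.0 255.255.255.0

! Mirror of the local crypto ACL entry.
access-list S2S-CRYPTO extended permit ip 10.2.0.0 255.255.255.0 10.1.50.0 255.255.255.0

! NAT exemption for remote LAN -> client pool.
nat (inside,outside) source static OBJ-REMOTE-LAN OBJ-REMOTE-LAN destination static OBJ-VPN-POOL OBJ-VPN-POOL
```

After both sides are changed, `show crypto ipsec sa` on either peer should list a security association whose local and remote identities are the pool and the remote LAN.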
Author Comment

by:Dan560
That's what I thought.

Thanks anyway
Expert Comment

by:Ernie Beek
Thx for the points, sorry that it wasn't the answer you hoped for :-~
Author Comment

by:Dan560
I just had a thought, and it is probably unlikely that it will work.

But would it be possible to configure my VPN pool so that it uses the same subnet as my ASA?

Expert Comment

by:Ernie Beek
Good idea, but alas that's not going to work either.
The client VPN terminates on the outside interface of the ASA. This means, when using the same subnet, that the ASA would have its inside subnet on the outside as well. You can imagine what would happen.........