Solved

VPN client access to remote VPN sites

Posted on 2011-09-29
Last Modified: 2012-05-12
Hi,

I have a Cisco ASA that has a site-to-site tunnel built to a remote site.

I want my VPN client pool to have access to my ASA's network and to the remote sites.

However, I do not have access to the remote site's firewall. Is it possible to still have access without the remote sites modifying their access lists to allow my VPN client pool?

Thanks
Question by:Dan560
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 36814987
Hi,

It is possible, you need to configure hairpinning:

http://www.petenetlive.com/KB/Article/0000040.htm

Best regards,
Istvan
 
LVL 35

Accepted Solution

by:
Ernie Beek earned 500 total points
ID: 36815539
Even with hairpinning you need to make some changes to the remote firewall so that it 'knows' that traffic to the range of the client pool must enter the VPN and be exempted from NAT.
So the answer is: no, you need to do some modifications on the remote side (site) as well.
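
The changes the accepted answer describes, shown on both ends of the tunnel as an added example that is not part of the original thread. It assumes both firewalls are ASAs using pre-8.3 NAT syntax; every subnet, ACL name and crypto map name below is constructed for illustration.

```cisco
! Constructed addressing (assumptions, not from the thread):
!   local inside 10.1.1.0/24, VPN client pool 10.1.50.0/24,
!   remote inside 10.2.2.0/24

! ---- Local ASA (the side the asker controls) ----
! Hairpinning: let traffic enter and leave the same (outside) interface
same-security-traffic permit intra-interface
! Crypto ACL: the client pool must be part of the tunnel's interesting traffic
access-list S2S-TO-REMOTE extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list S2S-TO-REMOTE extended permit ip 10.1.50.0 255.255.255.0 10.2.2.0 255.255.255.0
crypto map OUTSIDE_MAP 10 match address S2S-TO-REMOTE
! If split tunnelling is used, the clients also need a route to the remote subnet
access-list SPLIT-TUNNEL standard permit 10.1.1.0 255.255.255.0
access-list SPLIT-TUNNEL standard permit 10.2.2.0 255.255.255.0

! ---- Remote ASA (the side the asker cannot change) ----
! Crypto ACL must mirror the local one, otherwise replies to the pool
! never match the tunnel and are not encrypted back
access-list S2S-TO-HQ extended permit ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list S2S-TO-HQ extended permit ip 10.2.2.0 255.255.255.0 10.1.50.0 255.255.255.0
crypto map OUTSIDE_MAP 10 match address S2S-TO-HQ
! NAT exemption: return traffic to the pool must not be translated
access-list NONAT extended permit ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list NONAT extended permit ip 10.2.2.0 255.255.255.0 10.1.50.0 255.255.255.0
nat (inside) 0 access-list NONAT
```

The second line of each remote ACL is the part that cannot be supplied from the local side alone, which is why hairpinning by itself does not answer the question.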
 
LVL 2

Author Comment

by:Dan560
ID: 36815546
That's what I thought.

Thanks anyway
LVL 35

Expert Comment

by:Ernie Beek
ID: 36815561
Thx for the points, sorry that it wasn't the answer you hoped for :-~
 
LVL 2

Author Comment

by:Dan560
ID: 36815574
I just had a thought, and it is probably unlikely that it will work.

But would it be possible to configure my VPN pool so that it uses the same subnet as my ASA?

 
LVL 35

Expert Comment

by:Ernie Beek
ID: 36815596
Good idea, but alas that's not going to work either.
The client VPN terminates on the outside interface of the ASA. This means, when using the same subnet, that the ASA would have its inside subnet on the outside as well. You can imagine what would happen...


Question has a verified solution.
