VPN client access to remote VPN sites


I have Cisco ASA that has a site to site Tunnel built to a remote site.

I want my VPN client pool to have access to my ASA's network and to the remote sites

However I do not have access to the remote site's Firewall. Is it possible to still have access without the remote sites modifying their access lists to allow my VPN client POOL?

Who is Participating?
Ernie BeekConnect With a Mentor ExpertCommented:
Even with hairpinning you need to make some changes to the remote firewall so that it 'knows' that traffic to the range of the client pool must enter the VPN and be exempted from NAT.
So the answer is: no, you need to do some modifications on the remote side (site) as well.
Istvan KalmarHead of IT Security Division Commented:

It is possible, you need to configure hairpinnig:


Best regards,
Dan560Author Commented:
That's what I thought.

Thanks anyway
The Firewall Audit Checklist

Preparing for a firewall audit today is almost impossible.
AlgoSec, together with some of the largest global organizations and auditors, has created a checklist to follow when preparing for your firewall audit. Simplify risk mitigation while staying compliant all of the time!

Ernie BeekExpertCommented:
Thx for the points, sorry that it wasn't the answer you hoped for :-~
Dan560Author Commented:
I just had a thought, and it is probably is unlikely that it will work

But would it be possible to configure my VPN Pool so that is uses the same subnet as my ASA?

Ernie BeekExpertCommented:
Good idea but helas that's not going to work either.
The client VPN terminates on the outside interface of the ASA. This means, when using the same subnet, that the asa would have it's inside subnet on the outside as well. You can imagine what would happen.........
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.