Cisco ASA ezvpn with RA vpn

Hi everyone,
I am using an ASA 5510 in my head office with a WAN public IP, and the site office is using a DSL line with a 2811 router (WAN PPPoE). I have configured ezvpn between these sites and everything is working fine...
Now I have set up one remote access VPN with the ASA on the same WAN interface... that is also working fine; remote users are able to access HO.
My question: is there any way the remote users can access the site office also?

Please advise.


senmohan Asked:

John Meggers, Network Architect, Commented:
What version of ASA code are you running?  I believe NAT (or more accurately, NAT exclusion) is the key here.  Basically, I suspect you need to ensure you don't try to NAT traffic going to either of the two address pools (remote LAN and VPN pool).  Typically I would recommend being specific with your subnets, but in this case I believe you probably want to exclude "any" going to the address block, and do that both directions (VPN pool and remote LAN).  
0
gavving Commented:
You also need to enable the command:

same-security-traffic permit intra-interface

This enables the ASA to route traffic in and out the same interface. As the traffic comes in the RA VPN and needs to go out the EZVPN, the traffic comes in the outside interface and needs to leave via the outside interface. Like jmeggers said, you have to make sure the NATing is configured correctly to allow this traffic. For example, if you're allocating the IP pool to the RA users to be 192.168.3.0/24, then you need to make sure that IP block is included in your EZVPN setup to allow traffic from your remote site to your head office site.
0
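
The two answers above combined into one ASA configuration sketch; this is an added example, not part of the original thread. It assumes ASA 8.3 or later NAT syntax and split tunnelling on both VPN groups; the object, ACL and group-policy names and the 192.168.1.0/24 and 192.168.20.0/24 subnets are constructed placeholders for the existing setup, and only 192.168.3.0/24 comes from the answer.

```cisco
! Added example. Names and the HO/site subnets are constructed placeholders.
! Assumes ASA 8.3+ NAT syntax and existing RA and EZVPN group policies.
!   192.168.3.0/24  = RA VPN address pool (the example used in the answer)
!   192.168.20.0/24 = site office LAN behind the 2811 (placeholder)
!   192.168.1.0/24  = head office LAN (placeholder)

! 1. Allow traffic to enter and leave on the same interface (outside),
!    which is the path RA client -> ASA -> EZVPN tunnel.
same-security-traffic permit intra-interface

! 2. Objects for the two VPN-side networks.
object network RA_POOL
 subnet 192.168.3.0 255.255.255.0
object network SITE_LAN
 subnet 192.168.20.0 255.255.255.0

! 3. NAT exclusion between the two blocks. A static identity rule is
!    bidirectional, so one line covers RA pool -> site LAN and the return.
nat (outside,outside) source static RA_POOL RA_POOL destination static SITE_LAN SITE_LAN

! 4. RA clients: tunnel the site office LAN in addition to the HO LAN.
access-list RA_SPLIT standard permit 192.168.1.0 255.255.255.0
access-list RA_SPLIT standard permit 192.168.20.0 255.255.255.0
group-policy RA_POLICY attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value RA_SPLIT

! 5. EZVPN group used by the 2811: include the RA pool so the site
!    router sends replies to RA clients back through the tunnel.
access-list EZVPN_SPLIT standard permit 192.168.1.0 255.255.255.0
access-list EZVPN_SPLIT standard permit 192.168.3.0 255.255.255.0
group-policy EZVPN_POLICY attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value EZVPN_SPLIT
```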
