Cisco ASA ezvpn with RA vpn

Hi everyone,
I am using an ASA 5510 in my head office with a WAN public IP, and the site office is using a DSL line with a 2811 router (WAN PPPoE). I have configured EZVPN between these sites and everything is working fine.
Now I have set up a remote access VPN on the ASA on the same WAN interface. That is also working fine; remote users are able to access the HO.
My question: is there any way the remote users can access the site office as well?

Please advise.


senmohan Asked:
gavving Commented:
You also need to enable the command:

same-security-traffic permit intra-interface

This enables the ASA to route traffic in and out of the same interface. As the traffic comes in the RA VPN and needs to go out the EZVPN, the traffic comes in the outside interface and needs to leave via the outside interface. Like jmeggers said, you have to make sure the NATing is configured correctly to allow this traffic. For example, if you're allocating the IP pool to the RA users to be 192.168.3.0/24, then you need to make sure that IP block is included in your EZVPN setup to allow traffic from your remote site to your head office site.
John Meggers, Network Architect, Commented:
What version of ASA code are you running? I believe NAT (or more accurately, NAT exclusion) is the key here. Basically, I suspect you need to ensure you don't try to NAT traffic going to either of the two address pools (remote LAN and VPN pool). Typically I would recommend being specific with your subnets, but in this case I believe you probably want to exclude "any" going to the address block, and do that in both directions (VPN pool and remote LAN).
Question has a verified solution.
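
The two answers above combined into one ASA configuration sketch, as an added example that is not from either poster: hairpinning on the outside interface, NAT exemption limited to the RA pool and site office LAN pair, and each VPN group told about the other side's subnet. It assumes ASA 8.3+ NAT syntax and split tunnelling on both groups; 192.168.3.0/24 is the RA pool used in the answer, while the other subnets and all object, ACL and group-policy names are constructed placeholders.

```cisco
! Added example. Assumes ASA 8.3+ NAT syntax and split tunnelling on both groups.
! 192.168.3.0/24 is the RA pool from the answer above. 192.168.1.0/24 (head office
! LAN), 192.168.20.0/24 (site office LAN) and every object, ACL and group-policy
! name below are constructed placeholders.

! Allow traffic to enter and leave the same (outside) interface between the two VPNs
same-security-traffic permit intra-interface

object network OBJ-RA-POOL
 subnet 192.168.3.0 255.255.255.0
object network OBJ-SITE-LAN
 subnet 192.168.20.0 255.255.255.0

! NAT exemption (identity NAT) for the hairpinned flow only: RA pool <-> site LAN
nat (outside,outside) source static OBJ-RA-POOL OBJ-RA-POOL destination static OBJ-SITE-LAN OBJ-SITE-LAN

! RA clients: tunnel traffic for the site office LAN as well as the head office LAN
access-list RA-SPLIT standard permit 192.168.1.0 255.255.255.0
access-list RA-SPLIT standard permit 192.168.20.0 255.255.255.0
group-policy RA-GP attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value RA-SPLIT

! EZVPN client (2811): include the RA pool so return traffic is sent back over the tunnel
access-list EZVPN-SPLIT standard permit 192.168.1.0 255.255.255.0
access-list EZVPN-SPLIT standard permit 192.168.3.0 255.255.255.0
group-policy EZVPN-GP attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value EZVPN-SPLIT
```

While an RA client pings a site office host, `show crypto ipsec sa` on the ASA should show packet counters increasing on both tunnels; if only one side increments, the missing subnet in the other group's tunnel list or a NAT rule matching the flow is the usual place to look.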
