Solved

Cisco ASA VPN Clients can not get to other remote locations when connected to Main office

Posted on 2013-11-08
4
436 Views
Last Modified: 2014-04-28
We have a hub and spoke network with Site to Site tunnels to 6 sites from the main site using cisco ASA 5515 at main site and 5505 at remote locations.
We also have Remote Access SSL and IPSEC VPN Setup  for users to connect into the main site via cisco asa client from home offices.
Once they connect, they can access everything on the main office subnet BUT cannot get to any other remote locations subnets that are connected to the main office via Point To Point Tunnels.

For example , VPN-POOL is 10.250.0.101-125
Main Subnet is 192.168.1.0
1 of the other subnet i am looking to connect to is 192.168.250.0
What am i missing?
0
Comment
Question by:icsctech
4 Comments
 
LVL 57

Expert Comment

by:Pete Long
Comment Utility
You need toadd the remote VPN subnet to all the site to site cryptomaps

See the following
Cisco Firewall VPN "Hair Pinning"
PL
0
 
LVL 36

Accepted Solution

by:
ArneLovius earned 500 total points
Comment Utility
as well as adding the remote access subnet to each remote site cryptomap, you will also need to add it to NAT exclusions on each remote ASA, and on the main ASA
0
 

Author Comment

by:icsctech
Comment Utility
Many Thanks!
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Join & Write a Comment

When I upgraded my ASA 8.2 to 8.3, I realized that my nonat statement was failing!   The log showed the following error:     %ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows It was caused by the config upgrade, because t…
This article will cover setting up redundant ISPs for outbound connectivity on an ASA 5510 (although the same should work on the 5520s and up as well).  It’s important to note that this covers outbound connectivity only.  The ASA does not have built…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now