[c-nsp] Remote LAN (IPsec) to Client (anyconnect) w/ ASA
Ryan West
rwest at zyedge.com
Wed Apr 27 11:23:23 EDT 2011
On Wed, Apr 27, 2011 at 11:03:19, Scott Voll wrote:
> Subject: [c-nsp] Remote LAN (IPsec) to Client (anyconnect) w/ ASA
>
> I have an ASA 5510 that I use for both the head end for Anyconnect
> clients and Hub and Spoke IPSec tunnels for Lan to Lan.
>
> Besides the no NAT, ACL for interesting traffic, and
> "same-security-traffic permit intra-interface" command, is there
> anything else that needs to be done in order to have the AnyConnect
> client access the remote IPSec LAN?
>
Without seeing what the interesting traffic ACLs are (private vs public addressing), that should cover it. By default there isn't an outside NAT on a typical firewall deployment, so you shouldn't need to include the AnyConnect pool as part of your no nat.
-ryan
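
The pieces named in this thread, written out as an added configuration sketch (not taken from either poster's ASA). The addressing, ACL names and crypto map name/sequence are constructed placeholders, and the spoke is assumed to be another ASA.

```cisco
! Constructed values (assumptions, not from the thread):
!   AnyConnect address pool   10.10.50.0/24
!   Remote (spoke) LAN        192.168.20.0/24
!   Hub crypto map            OUTSIDE_MAP, sequence 20, already bound to the spoke peer

! --- Hub ASA ---
! Let VPN traffic enter and leave the same (outside) interface.
same-security-traffic permit intra-interface

! Interesting traffic for the spoke tunnel must include the AnyConnect pool
! as a source, otherwise client packets never match the L2L tunnel.
access-list L2L_SPOKE extended permit ip 10.10.50.0 255.255.255.0 192.168.20.0 255.255.255.0
crypto map OUTSIDE_MAP 20 match address L2L_SPOKE

! No outside NAT rule exists in this sketch, so the pool needs no NAT
! exemption on the hub (the point made in the reply above).

! --- Spoke ASA ---
! Mirror image of the hub entry; a mismatch here fails Phase 2 negotiation.
access-list L2L_HUB extended permit ip 192.168.20.0 255.255.255.0 10.10.50.0 255.255.255.0
! The spoke's existing no-NAT ACL for its inside LAN also needs the pool
! as a destination so return traffic is not translated.

! --- Verification on the hub ---
! Expect an SA whose local ident is the pool and remote ident is the spoke LAN.
show crypto ipsec sa
```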