[c-nsp] ASA SSL VPN client communicating across IPsec tunnel
Andy Dills
andy at xecu.net
Sun Feb 12 17:37:59 EST 2012
I have a customer who has a couple of ASA 5510s connected with a typical
IPsec tunnel, and on one of them he has a 10-seat AnyConnect SSL license.

He'd like for the AnyConnect VPN users to be able to communicate with the
network on the other side of the IPsec tunnel. In theory that would work, but
I've found the ASAs to sometimes ignore "theory".

I updated the NAT exemption ACL (to include traffic from the VPN users to
the remote network and vice versa), the split-tunnel ACL (to have it
advertise the remote network in addition to the local), and the crypto map
ACL (so that the VPN users are included in the IPsec SA).

It didn't seem to work... I didn't have good access to test, but before I
arrange for better access to really work with it, is this indeed possible?
Any configuration tips?

Thanks,
Andy
---
Andy Dills
Xecunet, Inc.
www.xecu.net
301-682-9972
---