[c-nsp] ASA SSL VPN client communicating across IPsec tunnel
Ryan West
rwest at zyedge.com
Sun Feb 12 19:06:19 EST 2012
It's possible, try 'same-security intra-interface'
Sent from handheld
On Feb 12, 2012, at 6:20 PM, "Andy Dills" <andy at xecu.net> wrote:
>
> I have a customer who has a couple of ASA 5510s connected with a typical
> IPsec tunnel, and on one of them he has a 10 seat Anyconnect SSL license.
>
> He'd like for the Anyconnect VPN users to be able to communicate with the
> network on the other side of IPsec tunnel. In theory that would work, but
> I've found the ASAs to sometimes ignore "theory".
>
> I updated the NAT exemption ACL (to include traffic from the VPN users to
> the remote network and vice versa), the split-tunnel ACL (to have it
> advertise the remote network in addition to the local), and the crypto map
> ACL (so that the VPN users are included in the ipsec sa).
>
> It didn't seem to work...I didn't have good access to test, but before I
> arrange for better access to really work with it, is this indeed possible?
> Any configuration tips?
>
> Thanks,
> Andy
>
> ---
> Andy Dills
> Xecunet, Inc.
> www.xecu.net
> 301-682-9972
> ---
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
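The pieces discussed in this thread, put together as an added configuration sketch (not from either poster): the hairpin permit from the reply plus the split-tunnel, crypto and NAT-exemption entries the question lists, on both ends of the tunnel. It assumes ASA 8.3+ NAT syntax. All object, ACL and group-policy names and all addresses are constructed placeholders.

```cisco
! --- ASA terminating AnyConnect (constructed addressing) ---
! local LAN 10.1.0.0/24, AnyConnect pool 10.1.100.0/24, remote LAN 10.2.0.0/24

! Client traffic arrives on outside and leaves on outside inside the IPsec
! tunnel, so the ASA must be allowed to route back out the same interface.
same-security-traffic permit intra-interface

object network OBJ-LOCAL-LAN
 subnet 10.1.0.0 255.255.255.0
object network OBJ-VPN-POOL
 subnet 10.1.100.0 255.255.255.0
object network OBJ-REMOTE-LAN
 subnet 10.2.0.0 255.255.255.0

! Split tunnel: the client must receive a route for the remote LAN as well.
access-list SPLIT-TUNNEL standard permit 10.1.0.0 255.255.255.0
access-list SPLIT-TUNNEL standard permit 10.2.0.0 255.255.255.0
group-policy GP-ANYCONNECT attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-TUNNEL

! Crypto ACL (the one the existing crypto map entry matches on):
! the pool must be interesting traffic, not only the local LAN.
access-list CRYPTO-TO-REMOTE extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list CRYPTO-TO-REMOTE extended permit ip 10.1.100.0 255.255.255.0 10.2.0.0 255.255.255.0

! NAT exemption: the hairpinned flow is outside-to-outside, so an
! (inside,outside) rule alone never matches the VPN pool.
nat (inside,outside) source static OBJ-LOCAL-LAN OBJ-LOCAL-LAN destination static OBJ-REMOTE-LAN OBJ-REMOTE-LAN
nat (outside,outside) source static OBJ-VPN-POOL OBJ-VPN-POOL destination static OBJ-REMOTE-LAN OBJ-REMOTE-LAN

! --- Remote ASA: mirror entries for the pool ---
! Without these the far end has no matching proxy identity for the pool
! and will NAT or drop the return traffic.
object network OBJ-REMOTE-LAN
 subnet 10.2.0.0 255.255.255.0
object network OBJ-VPN-POOL
 subnet 10.1.100.0 255.255.255.0
access-list CRYPTO-TO-HQ extended permit ip 10.2.0.0 255.255.255.0 10.1.100.0 255.255.255.0
nat (inside,outside) source static OBJ-REMOTE-LAN OBJ-REMOTE-LAN destination static OBJ-VPN-POOL OBJ-VPN-POOL

! --- Checks once a client is connected ---
! show crypto ipsec sa      (expect an SA with local ident 10.1.100.0/24)
! show vpn-sessiondb        (confirm the client's assigned pool address)
```

On software older than 8.3 the same NAT exemptions are written with `nat (interface) 0 access-list` instead of the object-based rules shown here.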