[c-nsp] asa 5510, remote access vpn, resources across lan-to-lan

ryanL ryan.landry at gmail.com
Mon Sep 1 10:57:22 EDT 2014


i'm hopefully going to find someone who's done this before, or who has
better google-fu than me. asa is not my strong suit.

i have users vpn'ing (ipsec) into one 5510, accessing various corp
resources there. the vpn pool isn't routed - i just nat it to one of the
various inside interfaces depending on which vlan they're trying to hit.
works fine.

that particular 5510 has a l-2-l ipsec to a different 5510, which also has
its own inside resources. if i vpn into it directly, i can hit those inside
resources no problem.

the question is - how do i get the vpn users hitting the first 5510 to
reach the resources behind the second 5510?

i know i'm close, as i'm at least triggering the l-2-l tunnel to be set up
when vpn'd into the first 5510 and trying to reach the second 5510's
resources. i'm just missing some nat, or something...



