[c-nsp] asa 5510, remote access vpn, resources across lan-to-lan

ryanL ryan.landry at gmail.com
Mon Sep 1 10:57:22 EDT 2014


hi,

i'm hopefully going to find someone who's done this before, or who has
better google-fu than me. asa is not my strong suit.

i have users vpn'ing (ipsec) into one 5510, accessing various corp
resources there. the vpn pool isn't routed - i just nat it to one of the
various inside interfaces depending on which vlan they're trying to hit.
works fine.

that particular 5510 has a l-2-l ipsec to a different 5510, which also has
its own inside resources. if i vpn into it directly, i can hit those inside
resources no problem.

the question is - how do i get the vpn users hitting the first 5510 to
reach the resources behind the second 5510?

i know i'm close, as i'm at least triggering the l-2-l tunnel to be setup
when vpn'd into the first 5510 and trying to reach the second 5510's
resources. i'm just missing some nat, or something...

appreciated.

ryan


More information about the cisco-nsp mailing list