[c-nsp] asa 5510, remote access vpn, resources across lan-to-lan

John Kougoulos john.kougoulos at gmail.com
Mon Sep 1 11:24:13 EDT 2014


It could be NAT, but this depends on your routing config. It could also be
that this command is required:

    same-security-traffic permit intra-interface


On Mon, Sep 1, 2014 at 4:57 PM, ryanL <ryan.landry at gmail.com> wrote:

> hi,
> i'm hopefully going to find someone who's done this before, or who has
> better google-fu than me. asa is not my strong suit.
> i have users vpn'ing (ipsec) into one 5510, accessing various corp
> resources there. the vpn pool isn't routed - i just nat it to one of the
> various inside interfaces depending on which vlan they're trying to hit.
> works fine.
> that particular 5510 has a l-2-l ipsec to a different 5510, which also has
> its own inside resources. if i vpn into it directly, i can hit those inside
> resources no problem.
> the question is - how do i get the vpn users hitting the first 5510 to
> reach the resources behind the second 5510?
> i know i'm close, as i'm at least triggering the l-2-l tunnel to be set up
> when vpn'd into the first 5510 and trying to reach the second 5510's
> resources. i'm just missing some nat, or something...
> appreciated.
> ryan