Cisco ipsec client remote subnet


  • Cisco ipsec client remote subnet

    Hello, I have two offices connected with an ASA 5510
    ASA1 192.168.1.0/24
    ASA2 192.168.2.0/24

    Between these ASAs is an IPsec tunnel.

    My employees connect with a Cisco IPsec VPN client to ASA1. They can connect to the network. Some people must also have a connection to 192.168.2.0/24. Is it possible to connect to ASA1 with the IPsec VPN client so that 192.168.2.0/24 is also available?

  • #2
    Re: Cisco ipsec client remote subnet

    Should be.

    What IP range is your VPN client getting?


    • #3
      Re: Cisco ipsec client remote subnet

      I tried 192.168.1.10 - 192.168.1.15 255.255.255.0 as pool
      and I tried 192.168.3.10 - 192.168.3.15 255.255.255.0 as pool



      • #4
        Re: Cisco ipsec client remote subnet

        OK.. I (think) the reason it's not working is you probably aren't allowing traffic from whatever your front_vpn interface is, onto your second site

        if that makes sense?

        like, on the 192.168.1.0 network, your router has 3 interfaces:
        a public, a private, and a VPN
        the VPN clients terminate on the VPN interface.. you need to ensure you have an ACL allowing traffic from that interface to both the private and VPN interfaces
        (and routes)

        just for easy-sake, I'd use 192.168.3.0 for the VPN-client network (obviously, means some more ACLs and routes, but makes it a bit easier to understand I feel)


        • #5
          Re: Cisco ipsec client remote subnet

          On ASA2, create a NAT exempt rule for 192.168.2.0 / 192.158.3.0, and on ASA2, in the crypto map, 192.168.52.0 as remote location?

          On ASA1, must I change anything?

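The changes discussed in posts #4 and #5, as an added configuration sketch that is not from any poster in the thread. It assumes pre-8.3 ASA NAT syntax, that the VPN clients and the site-to-site tunnel both terminate on ASA1's outside interface, the 192.168.3.0/24 client pool suggested in #4, and hypothetical object names (VPNCLIENT_SPLIT, VPNCLIENT_GP, L2L_TO_ASA2, L2L_TO_ASA1, NONAT) that must be replaced with the ones already in the running configs.

```cisco
! ===== ASA1 (192.168.1.0/24, terminates the VPN clients) =====

! Client traffic arrives on the outside interface and must leave on the
! same interface into the site-to-site tunnel, so allow hairpinning.
same-security-traffic permit intra-interface

! If split tunnelling is used, the clients must be told to send
! 192.168.2.0/24 into the tunnel as well (names are assumptions).
access-list VPNCLIENT_SPLIT standard permit 192.168.1.0 255.255.255.0
access-list VPNCLIENT_SPLIT standard permit 192.168.2.0 255.255.255.0
group-policy VPNCLIENT_GP attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value VPNCLIENT_SPLIT

! Add the client pool to the ACL that the existing crypto map entry
! towards ASA2 already matches on (the "interesting traffic").
access-list L2L_TO_ASA2 extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list L2L_TO_ASA2 extended permit ip 192.168.3.0 255.255.255.0 192.168.2.0 255.255.255.0

! ===== ASA2 (192.168.2.0/24) =====

! Mirror image of the ASA1 crypto ACL: both sides must agree on the
! protected networks or no security association is built for the pool.
access-list L2L_TO_ASA1 extended permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list L2L_TO_ASA1 extended permit ip 192.168.2.0 255.255.255.0 192.168.3.0 255.255.255.0

! Exempt return traffic to the client pool from NAT so it matches the
! crypto ACL with its real source address.
access-list NONAT extended permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list NONAT extended permit ip 192.168.2.0 255.255.255.0 192.168.3.0 255.255.255.0
nat (inside) 0 access-list NONAT
```

After applying, `show crypto ipsec sa` on either ASA should list a separate security association for the 192.168.3.0/24 to 192.168.2.0/24 pair once a client sends traffic to the second site.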