I have a customer who has a couple of ASA 5510s connected with a typical IPsec tunnel, and on one of them he has a 10 seat Anyconnect SSL license.
He'd like for the Anyconnect VPN users to be able to communicate with the network on the other side of IPsec tunnel. In theory that would work, but I've found the ASAs to sometimes ignore "theory". I updated the NAT exemption ACL (to include traffic from the VPN users to the remote network and vice versa), the split-tunnel ACL (to have it advertise the remote network in addition to the local), and the crypto map ACL (so that the VPN users are included in the ipsec sa). It didn't seem to work...I didn't have good access to test, but before I arrange for better access to really work with it, is this indeed possible? Any configuration tips? Thanks, Andy --- Andy Dills Xecunet, Inc. www.xecu.net 301-682-9972 --- _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/