[c-nsp] ASA SSL VPN client communicating across IPsec tunnel

2012-02-12 Thread Andy Dills

I have a customer who has a couple of ASA 5510s connected with a typical 
IPsec tunnel, and on one of them he has a 10 seat AnyConnect SSL license.

He'd like for the AnyConnect VPN users to be able to communicate with the 
network on the other side of the IPsec tunnel. In theory that would work, but 
I've found the ASAs to sometimes ignore theory.

I updated the NAT exemption ACL (to include traffic from the VPN users to 
the remote network and vice versa), the split-tunnel ACL (to have it 
advertise the remote network in addition to the local), and the crypto map 
ACL (so that the VPN users are included in the IPsec SA).

It didn't seem to work... I didn't have good access to test, but before I 
arrange for better access to really work with it, is this indeed possible? 
Any configuration tips?

Thanks,
Andy

---
Andy Dills
Xecunet, Inc.
www.xecu.net
301-682-9972
---
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


Re: [c-nsp] ASA SSL VPN client communicating across IPsec tunnel

2012-02-12 Thread Ryan West
It's possible, try 'same-security intra-interface'

Sent from handheld 

On Feb 12, 2012, at 6:20 PM, Andy Dills a...@xecu.net wrote:

 
 I have a customer who has a couple of ASA 5510s connected with a typical 
 IPsec tunnel, and on one of them he has a 10 seat Anyconnect SSL license.
 
 He'd like for the Anyconnect VPN users to be able to communicate with the 
 network on the other side of IPsec tunnel. In theory that would work, but 
 I've found the ASAs to sometimes ignore theory.
 
 I updated the NAT exemption ACL (to include traffic from the VPN users to 
 the remote network and vice versa), the split-tunnel ACL (to have it 
 advertise the remote network in addition to the local), and the crypto map 
 ACL (so that the VPN users are included in the ipsec sa).
 
 It didn't seem to work...I didn't have good access to test, but before I 
 arrange for better access to really work with it, is this indeed possible? 
 Any configuration tips?
 
 Thanks,
 Andy
 
 ---
 Andy Dills
 Xecunet, Inc.
 www.xecu.net
 301-682-9972
 ---
 ___
 cisco-nsp mailing list  cisco-nsp@puck.nether.net
 https://puck.nether.net/mailman/listinfo/cisco-nsp
 archive at http://puck.nether.net/pipermail/cisco-nsp/

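The configuration the thread describes, pulled together as one added example (not the poster's config, and not an official Cisco reference): the three ACL changes Andy lists plus Ryan's intra-interface permit, in pre-8.3 ASA syntax. All subnets and object names are constructed placeholders; on 8.3+ the NAT exemption would be written as identity `nat` statements instead of `nat ... 0 access-list`.

```cisco
! Added example: AnyConnect clients reaching the far side of a site-to-site
! tunnel on an ASA running 8.2-style NAT. Constructed placeholder addresses:
!   local LAN        192.168.10.0/24
!   remote LAN       192.168.20.0/24 (behind the other ASA)
!   AnyConnect pool  192.168.100.0/24

! 1. The AnyConnect session and the L2L tunnel both terminate on "outside",
!    so client traffic arrives and leaves on the same interface. Without this
!    the ASA silently drops the hairpinned packets.
same-security-traffic permit intra-interface

! 2. NAT exemption: the VPN pool must reach the remote LAN untranslated.
!    Traffic sourced from the pool enters on "outside", so it needs its own
!    nat 0 ACL on that interface; the inside ACL keeps the LAN paths exempt.
access-list nonat extended permit ip 192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list nonat extended permit ip 192.168.10.0 255.255.255.0 192.168.100.0 255.255.255.0
access-list outside_nonat extended permit ip 192.168.100.0 255.255.255.0 192.168.20.0 255.255.255.0
nat (inside) 0 access-list nonat
nat (outside) 0 access-list outside_nonat

! 3. Crypto map ACL: the pool becomes part of the interesting traffic so a
!    second IPsec SA pair is built for it. The remote ASA's crypto ACL must
!    mirror this (source/destination swapped) or phase 2 fails for the pool.
access-list l2l_crypto extended permit ip 192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list l2l_crypto extended permit ip 192.168.100.0 255.255.255.0 192.168.20.0 255.255.255.0
crypto map outside_map 10 match address l2l_crypto

! 4. Split tunnel: push the remote LAN to the clients in addition to the
!    local one, otherwise the client never sends that traffic into the tunnel.
access-list split_tunnel standard permit 192.168.10.0 255.255.255.0
access-list split_tunnel standard permit 192.168.20.0 255.255.255.0
group-policy anyconnect_gp attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value split_tunnel
```

With a client connected, `show crypto ipsec sa` on the local ASA should list an SA pair for 192.168.100.0/24 to 192.168.20.0/24 alongside the existing LAN pair; if only the LAN pair appears, the remote side's crypto ACL or NAT exemption has not been mirrored.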