Firewall Wizards mailing list archives

Re: Cisco AnyConnect Remote Access to L2L tunnels


From: "Todd Simons" <tsimons () delphi-tech com>
Date: Thu, 11 Jun 2009 08:47:14 -0400

Inline...

A couple questions:
1) Is the ASA a peer for the L2L tunnels?
Yes

2) Are crypto maps for the L2L tunnels on the same interface as the AnyConnect VPN?
Yes

3) Do you have the hairpin enabled?
I think so (lines 48/49 in attached txt)

4) Can you send a copy of the ASA configuration?
Attached. Note that this is not a production ASA, config is still a work in progress. This should be considered
"MainSite" and SiteA, SiteB, SiteC are satellites, RA VPNs terminate here at MainSite and should give access to
SiteA, Site and (eventually) SiteC. SiteA has 2 IPSEC Networks, the remote gateway & a /29, SiteB just has the
remote gateway, Site C will just be a /27. The tunnels that use the remote gateway are actually used for ingress
traffic from Sites.

Thanks



On Wed, Jun 10, 2009 at 1:17 PM, Todd Simons<tsimons () delphi-tech com> wrote:
Hello All

We are using the Cisco AnyConnect Client for our remote users' access, with
a global tunnel. Internally we have a few corporate locations that are
linked by L2L tunnels (let's call them Site A, Site B and Site C). The Remote
Access clients who connect to Site A can't seem to use the L2L to Site B and
Site C.

Has anyone seen a document explaining how to do this?

Todd Simons

Lead IT Engineer

TSimons () Delphi-Tech com



Delphi Technology, Inc.

303 George Street, 5th Floor

New Brunswick, NJ  08901

www.delphi-tech.com



Experience, Innovation... Results.

## Scanned by Delphi Technology, Inc. ##


_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards



Attachment: asaRA-L2L.txt
Description: asaRA-L2L.txt
