Site-to-Site VPN: Can't Connect To Inside Router Interfaces

Hello..

I have a LAN-to-LAN tunnel between 2 sites. Let's say the internal networks are 10.10.70.0/24 and 10.10.80.0/24. All hosts on each side can talk, ping, connect and everything with one another. However, I can't get to the router inside interfaces where each LAN lives.

So from a host on 10.10.70.0/24 I can't get to 10.10.80.1, and vice versa (10.10.80.0/24 --> 10.10.70.1). These are both ASA devices. I'm thinking this has to do directly with the ASA interface security, but I can't figure it out.

All NAT rules and IP traffic are allowed between these LANs. There shouldn't be any reason, but again I think it has to do with security. Any help is appreciated!

GNY


This is quite normal with PIX/ASA. Traffic that enters on one interface must exit another, and so you won't be able to access the LAN interface on the remote device, as that would require hairpinning the traffic, which the ASA will not do. It's the same reason that with a PIX/ASA on the LAN, you can ping the LAN interface (nearest to you) but not the WAN interface.

Chris.


Have a peek at:

PIX/ASA 7.x: SSH/Telnet on the Inside and Outside Interface Configuration Example

Merv

Chris,

Good to see you again :-)

Thanks for the info. I guess I'm out of luck then. I was hoping to store some configs using TFTP on a server on the other side of the tunnel from the client box. So I guess I'll have to store them locally on a server, or allow the TFTP traffic from the client to the outside interface and dump it over the outside interface on the remote side also (static NAT)... Yuck!

See any other solutions?

Thanks again Chris!

GNY


I have all of this configured and worked up already. The problem is what Chris pointed out.


GNY,

Take a look at this.

Roman Nakhmanson



Roman,

I had a look at that and I have intra-interface enabled.

Thanks again though!

GNY


I have solved this issue.

It was a combination of ACLs and the management-access INTERFACE command.

I can now successfully get to the inside interface for my needs.

Thanks everyone.

GNY

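The fix GNY describes (crypto ACL covering the interface address, NAT exemption, and the `management-access` command) assembled into one ASA configuration fragment. This is an added example, not GNY's or Cisco's configuration: it assumes ASA 7.x/8.2-era syntax, interface names `inside` and `outside`, that this is the 10.10.80.0/24 site with inside address 10.10.80.1, and that the management traffic comes from the remote 10.10.70.0/24 LAN. The peer address, transform-set name and TFTP server address are placeholders.

```cisco
! Added example, not the poster's running config. Assumptions: ASA 7.x/8.2-style
! syntax, interfaces named inside/outside, this box is the 10.10.80.0/24 site.

! Interesting traffic for the tunnel: the whole /24 on each side, so the
! inside interface address 10.10.80.1 is already matched by this ACL.
access-list L2L_TRAFFIC extended permit ip 10.10.80.0 255.255.255.0 10.10.70.0 255.255.255.0

! Exempt tunnel traffic from NAT (pre-8.3 syntax).
nat (inside) 0 access-list L2L_TRAFFIC

! Allow management traffic that arrives through the VPN on "outside" to
! terminate on the "inside" interface address. Without this line the ASA
! drops the packets to 10.10.80.1 exactly as described in the thread.
management-access inside

! Permit only the management protocols needed, and only from the remote LAN.
! Narrowing these to a single admin host instead of the /24 is the safer choice.
ssh 10.10.70.0 255.255.255.0 inside
http server enable
http 10.10.70.0 255.255.255.0 inside
icmp permit 10.10.70.0 255.255.255.0 inside

! Crypto map binding (peer address and transform set are placeholders).
crypto map OUTSIDE_MAP 10 match address L2L_TRAFFIC
crypto map OUTSIDE_MAP 10 set peer 203.0.113.2
crypto map OUTSIDE_MAP 10 set transform-set ESP-AES-SHA
crypto map OUTSIDE_MAP interface outside

! For the config-backup goal: point TFTP at the server across the tunnel via
! the inside interface, so "copy running-config tftp:" is sourced from 10.10.80.1
! and matches L2L_TRAFFIC. Server address is a placeholder.
tftp-server inside 10.10.70.50 /asa-backup.cfg
```

After applying it, `show crypto ipsec sa` should show encaps/decaps counters moving for the 10.10.80.1 traffic, and `show logging` should no longer report the management packets being denied on the outside interface. The `ssh`, `http` and `icmp` lines are the access control here: keep them scoped to the hosts that actually need to reach the interface rather than opening them to `any`.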
