Here’s my scenario.
I have 2 offices and a remote worker.
Office 1: 192.168.11.0/24 – Cisco ASA 5505, ASA 8.2(5)
Office 2: 192.168.12.0/24 – Cisco ASA 5505, ASA 8.2(5)
Office 2 printer: 192.168.12.50
Remote workers: 192.168.54.0/24 – Cisco AnyConnect client 3.1
Office 1 and 2 are connected with a site-to-site VPN. The remote worker connects with the AnyConnect client to office 1. There’s a printer installed in office 2 that the user needs to print to.
Office 1 can talk to both the remote workers network and to the office 2 network, but the remote workers network cannot talk to office 2 network, and vice versa. I’ve tried adding routes and firewall rules to both of the ASAs, but I’m not completely sure which interface to apply the routes and rules to, or if there’s anything else that I’m missing to get connectivity between office 2 and the remote workers. Any help would be greatly appreciated!
Office 1 config (main office)
Result of the command: "sh run"
: Saved
:
ASA Version 8.2(5)
!
hostname BHBBJASA
[...]
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.11.253 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address [External IP] 255.255.255.224
!
interface Vlan22
 description Secondary ISP Internet line for backup Internet in the event of Primary ISP failure.
 no nameif
 security-level 0
 ip address Secondary ISP 255.255.255.252
!
interface Vlan32
 no forward interface Vlan2
 nameif SIP
 security-level 0
 ip address New_SIP 255.255.255.224
!
ftp mode passive
dns domain-lookup inside
dns domain-lookup outside
dns server-group DefaultDNS
 name-server 192.168.11.231
 name-server 8.8.8.8
 domain-name medserv.local
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group network WESTPARKMEDITECH
 network-object host [External IP]
 network-object host [External IP]
 network-object host [External IP]
 network-object host [External IP]
 network-object host [External IP]
 network-object host [External IP]
 network-object host [External IP]
object-group network DM_INLINE_NETWORK_1
 network-object host WPHPACS
 group-object WESTPARKMEDITECH
object-group network PVHCPACS
 network-object host PVHPACS1
 network-object host PVHPACS2
 network-object host PVHPACS3
object-group network 192
 network-object 192.168.1.0 255.255.255.0
object-group service tcp tcp
 port-object eq 3389
object-group network DM_INLINE_NETWORK_2
 network-object host WPHPACS
 network-object [External IP] 255.255.255.0
 network-object host [External IP]
 network-object host [External IP]
 network-object host WPHPACS6_5Upgrade
object-group network voice-data
 network-object 192.168.121.0 255.255.255.0
 network-object 192.168.221.0 255.255.255.0
object-group network inside-data-voice
 network-object 192.168.11.0 255.255.255.0
 network-object 192.168.21.0 255.255.255.0
object-group network DM_INLINE_NETWORK_4
 network-object OmniMRI-Pacs 255.255.255.0
 network-object host OmniMRI
object-group protocol DM_INLINE_PROTOCOL_2
 protocol-object ip
 protocol-object icmp
 protocol-object udp
 protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_3
 protocol-object ip
 protocol-object icmp
 protocol-object udp
 protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_4
 protocol-object ip
 protocol-object icmp
 protocol-object udp
 protocol-object tcp
object-group network DM_INLINE_NETWORK_5
 network-object OmniMRI-Pacs 255.255.255.0
 network-object host OmniMRI
object-group protocol DM_INLINE_PROTOCOL_1
 protocol-object ip
 protocol-object icmp
 protocol-object udp
 protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_5
 protocol-object ip
 protocol-object icmp
 protocol-object udp
 protocol-object tcp
object-group service VOIP-SIP_for_PhoneSystem
 service-object tcp-udp range 10000 20000
 service-object tcp-udp eq 143
 service-object tcp-udp eq 22
 service-object tcp-udp eq 443
 service-object tcp-udp range sip 5062
 service-object tcp-udp eq 5222
 service-object tcp-udp eq 5269
 service-object tcp-udp eq 843
 service-object tcp-udp eq www
 service-object tcp eq sip
object-group network DM_INLINE_NETWORK_3
 network-object host WPHPACS
 network-object [External IP] 255.255.255.0
object-group network DM_INLINE_NETWORK_6
 network-object host WPHPACS
 network-object host WPHPACS6_5Upgrade
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
object-group service DM_INLINE_SERVICE_1
 service-object tcp-udp
 service-object ip
 group-object VOIP-SIP_for_PhoneSystem
object-group service DM_INLINE_SERVICE_2
 service-object tcp-udp
 service-object ip
 group-object VOIP-SIP_for_PhoneSystem
object-group service DM_INLINE_SERVICE_3
 service-object ip
 group-object VOIP-SIP_for_PhoneSystem
object-group service DM_INLINE_SERVICE_4
 service-object ip
 group-object VOIP-SIP_for_PhoneSystem
object-group network DM_INLINE_NETWORK_7
 network-object Platinum_Office 255.255.255.0
 network-object Worland_Office 255.255.255.0
object-group network DM_INLINE_NETWORK_8
 network-object 192.168.11.0 255.255.255.0
 network-object Worland_Office 255.255.255.0
object-group network DM_INLINE_NETWORK_11
 network-object 192.168.11.0 255.255.255.0
 network-object Worland_Office 255.255.255.0
object-group protocol DM_INLINE_PROTOCOL_6
 protocol-object ip
 protocol-object icmp
object-group service DM_INLINE_TCP_2 tcp
 port-object eq 3389
 port-object eq 50000
object-group network DM_INLINE_NETWORK_10
 network-object host Washakie_PACS_Live
 network-object host Washakie_Pacs_Test
object-group network DM_INLINE_NETWORK_12
 network-object host Washakie_PACS_Live
 network-object host Washakie_Pacs_Test
object-group network DM_INLINE_NETWORK_13
 network-object host Washakie_PACS_Live
 network-object host Washakie_Pacs_Test
object-group network DM_INLINE_NETWORK_14
 network-object host Washakie_PACS_Live
 network-object host Washakie_Pacs_Test
object-group network DM_INLINE_NETWORK_15
 network-object host Washakie_PACS_Live
 network-object host Washakie_Pacs_Test
object-group network DM_INLINE_NETWORK_16
 network-object 192.168.11.0 255.255.255.0
 network-object Platinum_Office 255.255.255.0
object-group network VPN-Network
object-group protocol DM_INLINE_PROTOCOL_7
 protocol-object ip
 protocol-object udp
 protocol-object tcp
 protocol-object icmp
object-group protocol DM_INLINE_PROTOCOL_8
 protocol-object ip
 protocol-object udp
 protocol-object tcp
 protocol-object icmp
access-list inside_nat0_outbound extended permit ip 192.168.11.0 255.255.255.0 object-group DM_INLINE_NETWORK_1
access-list inside_nat0_outbound extended permit ip 192.168.11.0 255.255.255.0 object-group PVHCPACS
access-list inside_nat0_outbound extended permit ip host [External IP] host 192.168.11.15
access-list inside_nat0_outbound extended permit ip any 192.168.221.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip any 192.168.121.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip object-group inside-data-voice object-group voice-data
access-list inside_nat0_outbound extended permit ip 192.168.11.0 255.255.255.0 OmniMRI-Pacs 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.11.0 255.255.255.0 [External IP] 255.255.255.0
access-list outside_cryptomap_1 extended permit ip 192.168.11.0 255.255.255.0 object-group PVHCPACS
access-list Gottschi_access_in extended permit ip any any
access-list Gottschi_nat0_outbound extended permit ip 192.168.11.0 255.255.255.0 any
access-list inside_access_in extended permit ip any any
access-list inside_access_in extended permit tcp host PhoneSystemPublicIP any eq https inactive
access-list inside_access_in extended permit tcp host PhoneSystem any eq https inactive
access-list inside_access_in extended permit tcp any host [External IP] eq 3389
access-list inside_access_in extended permit tcp any any eq 3389
access-list inside_access_in extended permit tcp any any eq https
access-list inside_access_in extended permit ip 192.168.11.0 255.255.255.0 [External IP] 255.255.255.0
access-list inside_access_in extended permit ip any [External IP] 255.255.255.0
access-list inside_access_in extended permit ip any host New_SIP
access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_3 Platinum_Office 255.255.255.0 any
access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_4 Worland_Office 255.255.255.0 any
access-list inside_access_in extended permit tcp any host [External IP] eq https
access-list inside_access_in extended permit tcp host Opal-Rad-PACS host [External IP] eq 50000 inactive
access-list inside_access_in extended permit ip Washakie 255.255.255.0 192.168.11.0 255.255.255.0
access-list inside_access_in extended permit ip object-group DM_INLINE_NETWORK_12 any
access-list inside_access_in extended permit ip host Hot_Springs_PACS 192.168.11.0 255.255.255.0
access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_8 RemoteAccessNetwork 255.255.255.0 any
access-list outside_in extended permit tcp any host [External IP] eq 3389
access-list outside_in extended permit ip 192.168.1.0 255.255.255.0 any
access-list outside_in extended permit tcp host [External IP] 192.168.11.0 255.255.255.0
access-list outside_in extended permit udp host [External IP] 192.168.11.0 255.255.255.0
access-list outside_in extended permit ip host [External IP] 192.168.11.0 255.255.255.0
access-list outside_in extended permit icmp any any
access-list outside_in extended permit icmp host [External IP] 192.168.11.0 255.255.255.0
access-list outside_in extended permit tcp any host [External IP] object-group DM_INLINE_TCP_2
access-list outside_in extended permit tcp any host [External IP] eq https
access-list outside_in extended permit object-group VOIP-SIP_for_PhoneSystem any host PhoneSystemPublicIP
access-list outside_in extended permit ip any host PhoneSystemPublicIP inactive
access-list outside_in extended permit tcp host PhoneSystemPublicIP any eq https inactive
access-list outside_in extended permit ip any any
access-list outside_in extended permit tcp any any eq https
access-list outside_in extended permit object-group DM_INLINE_PROTOCOL_6 object-group DM_INLINE_NETWORK_3 object-group DM_INLINE_NETWORK_11
access-list outside_in extended permit ip [External IP] 255.255.255.0 192.168.11.0 255.255.255.0
access-list outside_in extended permit icmp any host New_SIP
access-list outside_in extended permit ip any host New_SIP
access-list outside_in extended permit object-group DM_INLINE_SERVICE_2 Platinum_Office 255.255.255.0 any
access-list outside_in extended permit object-group DM_INLINE_SERVICE_1 Worland_Office 255.255.255.0 any
access-list outside_in extended permit ip 192.168.11.0 255.255.255.0 Washakie 255.255.255.0
access-list outside_in extended permit ip Washakie 255.255.255.0 192.168.11.0 255.255.255.0
access-list outside_in extended permit ip object-group DM_INLINE_NETWORK_13 any
access-list outside_in extended permit ip host Hot_Springs_PACS 192.168.11.0 255.255.255.0
access-list outside_in extended permit tcp any host [External IP] eq 8080
access-list outside_in extended permit object-group DM_INLINE_PROTOCOL_7 RemoteAccessNetwork 255.255.255.192 any
access-list outside_cryptomap extended permit ip 192.168.11.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list deleteme extended permit ip host [External IP] any inactive
access-list deleteme extended permit ip host [External IP] any
access-list inside_nat0_outbound_1 extended permit ip host [External IP] any
access-list inside_nat0_outbound_1 extended permit icmp host [External IP] any
access-list outside_nat0_outbound extended permit ip host [External IP] any
access-list outside_nat0_outbound extended permit icmp host [External IP] any
access-list outside_nat0_outbound_1 extended permit ip host [External IP] host 192.168.11.15
access-list outside_nat0_outbound_1 extended permit ip RemoteAccessNetwork 255.255.255.0 any
access-list remoteaccess_splittunnelacl standard permit 192.168.11.0 255.255.255.0
access-list remoteaccess_splittunnelacl standard permit 192.168.21.0 255.255.255.0
access-list remoteaccess_splittunnelacl standard permit 192.168.221.0 255.255.255.0
access-list remoteaccess_splittunnelacl standard permit 192.168.121.0 255.255.255.0
access-list remoteaccess_splittunnelacl standard permit RemoteAccessNetwork 255.255.255.0
access-list remoteaccess_splittunnelacl standard permit Worland_Office 255.255.255.0
access-list remoteaccess_splittunnelacl standard permit Platinum_Office 255.255.255.0
access-list outside_nat0_outbound_2 extended permit ip 192.168.11.0 255.255.255.0 OmniMRI-Pacs 255.255.255.0
access-list outside_nat0_outbound_2 extended permit ip [External IP] 255.255.255.0 object-group DM_INLINE_NETWORK_16
access-list outside_nat0_outbound_2 extended permit ip object-group DM_INLINE_NETWORK_15 192.168.11.0 255.255.255.0
access-list outside_cryptomap_2 extended permit ip object-group inside-data-voice object-group voice-data
access-list mycap extended permit ip host [External IP] host [External IP]
access-list mycap extended permit ip host [External IP] host [External IP]
access-list outside_5_cryptomap extended permit object-group DM_INLINE_PROTOCOL_5 192.168.11.0 255.255.255.0 [External IP] 255.255.255.0
access-list outside_cryptomap_3 extended permit ip object-group DM_INLINE_NETWORK_8 object-group DM_INLINE_NETWORK_2
access-list inside_access_out extended permit ip host PhoneSystem any inactive
access-list inside_access_out extended permit tcp any any eq https
access-list inside_access_out extended permit ip any any
access-list inside_nat0_outbound_2 extended permit ip 192.168.11.0 255.255.255.0 [External IP] 255.255.255.0
access-list inside_nat0_outbound_2 extended permit ip 192.168.11.0 255.255.255.0 object-group PVHCPACS
access-list inside_nat0_outbound_2 extended permit ip 192.168.11.0 255.255.255.0 object-group DM_INLINE_NETWORK_6
access-list inside_nat0_outbound_2 extended permit ip 192.168.11.0 255.255.255.0 object-group DM_INLINE_NETWORK_7
access-list inside_nat0_outbound_2 extended permit ip 192.168.11.0 255.255.255.0 Washakie 255.255.255.0
access-list inside_nat0_outbound_2 extended permit ip 192.168.11.0 255.255.255.0 object-group DM_INLINE_NETWORK_14
access-list inside_nat0_outbound_2 extended permit ip Platinum_Office 255.255.255.0 host WPHPACS
access-list inside_nat0_outbound_2 extended permit ip 192.168.11.0 255.255.255.0 host Hot_Springs_PACS
access-list inside_nat0_outbound_2 extended permit ip 192.168.11.0 255.255.255.0 RemoteAccessNetwork 255.255.255.192
access-list inside_nat0_outbound_2 extended permit ip 192.168.11.0 255.255.255.0 192.168.11.0 255.255.255.0
access-list outside_cryptomap_4 extended permit ip 192.168.11.0 255.255.255.0 Platinum_Office 255.255.255.0
access-list SIP_access_in extended permit ip any any
access-list SIP_access_in extended permit ip 192.168.11.0 255.255.255.0 any
access-list outside_cryptomap_5 extended permit ip 192.168.11.0 255.255.255.0 Worland_Office 255.255.255.0
access-list outside_cryptomap_6 extended permit ip 192.168.11.0 255.255.255.0 object-group PVHCPACS
access-list outside_9_cryptomap extended permit ip 192.168.11.0 255.255.255.0 object-group DM_INLINE_NETWORK_10
access-list outside_cryptomap_7 extended permit ip 192.168.11.0 255.255.255.0 host Hot_Springs_PACS
pager lines 24
logging enable
logging asdm debugging
mtu inside 1500
mtu outside 1500
mtu SIP 1500
ip local pool Remoteusers 192.168.54.1-192.168.54.50
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any outside
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound_2
nat (inside) 1 0.0.0.0 0.0.0.0
nat (outside) 0 access-list outside_nat0_outbound_2
nat (outside) 0 access-list outside_nat0_outbound_1 outside
static (inside,outside) tcp [External IP] 3389 domain.local 3389 netmask 255.255.255.255
static (inside,outside) tcp [External IP] https domain.local https netmask 255.255.255.255
static (inside,outside) tcp interface https Opal-Rad-PACS https netmask 255.255.255.255
static (inside,outside) PhoneSystemPublicIP PhoneSystem netmask 255.255.255.255
access-group inside_access_in in interface inside
access-group inside_access_out out interface inside
access-group outside_in in interface outside
route outside 0.0.0.0 0.0.0.0 [External IP] 10
route inside Platinum_Office 255.255.255.0 192.168.12.1 1
route inside RemoteAccessNetwork 255.255.255.0 192.168.54.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
http 192.168.11.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
no sysopt connection permit-vpn
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 1 match address outside_cryptomap_3
crypto map outside_map 1 set pfs
crypto map outside_map 1 set peer [External IP]
crypto map outside_map 1 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 2 match address outside_cryptomap_1
crypto map outside_map 2 set peer [External IP]
crypto map outside_map 2 set transform-set ESP-3DES-MD5 ESP-3DES-SHA
crypto map outside_map 2 set reverse-route
crypto map outside_map 3 match address outside_cryptomap
crypto map outside_map 3 set peer [External IP]
crypto map outside_map 3 set transform-set ESP-3DES-MD5
crypto map outside_map 3 set reverse-route
crypto map outside_map 4 match address outside_cryptomap_2
crypto map outside_map 4 set peer [External IP]
crypto map outside_map 4 set transform-set ESP-3DES-SHA
crypto map outside_map 5 match address outside_5_cryptomap
crypto map outside_map 5 set peer OmniMRI
crypto map outside_map 5 set transform-set ESP-3DES-SHA
crypto map outside_map 5 set reverse-route
crypto map outside_map 6 match address outside_cryptomap_4
crypto map outside_map 6 set pfs group1
crypto map outside_map 6 set peer [External IP]
crypto map outside_map 6 set transform-set ESP-3DES-SHA
crypto map outside_map 7 match address outside_cryptomap_5
crypto map outside_map 7 set peer [External IP]
crypto map outside_map 7 set transform-set ESP-3DES-SHA
crypto map outside_map 8 match address outside_cryptomap_6
crypto map outside_map 8 set peer [External IP]
crypto map outside_map 8 set transform-set ESP-3DES-MD5
crypto map outside_map 9 match address outside_9_cryptomap
crypto map outside_map 9 set pfs group1
crypto map outside_map 9 set peer [External IP]
crypto map outside_map 9 set transform-set ESP-3DES-SHA
crypto map outside_map 10 match address outside_cryptomap_7
crypto map outside_map 10 set pfs
crypto map outside_map 10 set peer [External IP]
crypto map outside_map 10 set transform-set ESP-AES-256-MD5 ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5 ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-128-SHA ESP-AES-192-SHA ESP-AES-128-MD5 ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpoint BHB_ASDM_TrustPoint0
 enrollment self
 subject-name CN=medserv.local
 keypair VPN
 crl configure
crypto ca certificate chain BHB_ASDM_TrustPoint0
 certificate *************************
  quit
crypto isakmp enable inside
crypto isakmp enable outside
crypto isakmp policy 5
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 28800
crypto isakmp policy 10
 authentication pre-share
 encryption des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 30
 authentication rsa-sig
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp ipsec-over-tcp port 10000
telnet 192.168.11.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd dns 192.168.11.250
dhcpd auto_config outside
!
dhcpd auto_config outside interface inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl trust-point BHB_ASDM_TrustPoint0 outside
webvpn
 port 8080
 enable outside
 portal-access-rule 1 permit any
 svc image disk0:/anyconnect-win-2.5.2014-k9.pkg 1 regex "Windows NT"
 svc profiles BHB_remote disk0:/bhb_remote.xml
 svc enable
 tunnel-group-list enable
group-policy DfltGrpPolicy attributes
group-policy "Omni Imaging" internal
group-policy "Omni Imaging" attributes
 vpn-tunnel-protocol IPSec l2tp-ipsec
group-policy GroupPolicy7 internal
group-policy GroupPolicy7 attributes
 vpn-tunnel-protocol IPSec
group-policy GroupPolicy6 internal
group-policy GroupPolicy6 attributes
 vpn-tunnel-protocol IPSec
group-policy GroupPolicy5 internal
group-policy GroupPolicy5 attributes
 vpn-tunnel-protocol IPSec
group-policy GroupPolicy4 internal
group-policy GroupPolicy4 attributes
 vpn-tunnel-protocol IPSec
group-policy GroupPolicy3 internal
group-policy GroupPolicy3 attributes
 vpn-tunnel-protocol IPSec l2tp-ipsec
group-policy GroupPolicy2 internal
group-policy GroupPolicy2 attributes
 vpn-tunnel-protocol IPSec
group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
 vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
group-policy PVHC internal
group-policy remoteaccess internal
group-policy remoteaccess attributes
 dns-server value 192.168.11.250
 vpn-access-hours none
 vpn-idle-timeout none
 vpn-session-timeout none
 vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value remoteaccess_splittunnelacl
 default-domain value bhbbj.local
 nem enable
 webvpn
  url-list none
group-policy bhbremote internal
group-policy bhbremote attributes
 dns-server value 4.4.2.2 8.8.8.8
 vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
 default-domain value medserv.local
group-policy internal
group-policy attributes
 vpn-filter none
 vpn-tunnel-protocol IPSec
group-policy WPH internal
group-policy WPH attributes
 vpn-tunnel-protocol IPSec l2tp-ipsec webvpn
username admin password ************************ encrypted privilege 15
username vpntunnel password ******************* encrypted
username vpntunnel attributes
 vpn-group-policy remoteaccess
username cerium password ********************* encrypted privilege 15
username ltemplin password ******************* encrypted
username ltemplin attributes
 vpn-group-policy bhbremote
tunnel-group [External IP] type ipsec-l2l
tunnel-group [External IP] general-attributes
 default-group-policy WPH
tunnel-group [External IP] ipsec-attributes
 pre-shared-key *****
tunnel-group [External IP] type ipsec-l2l
tunnel-group [External IP] ipsec-attributes
 pre-shared-key *****
tunnel-group [External IP] type ipsec-l2l
tunnel-group [External IP] general-attributes
 default-group-policy GroupPolicy1
tunnel-group [External IP] ipsec-attributes
 pre-shared-key *****
tunnel-group remoteaccess type remote-access
tunnel-group remoteaccess general-attributes
 address-pool (inside) remoteusers
 address-pool (inside) Remoteusers
 default-group-policy remoteaccess
tunnel-group remoteaccess ipsec-attributes
 pre-shared-key *****
tunnel-group [External IP] type ipsec-l2l
tunnel-group [External IP] general-attributes
 default-group-policy
tunnel-group [External IP] ipsec-attributes
 pre-shared-key *****
tunnel-group [External IP] type ipsec-l2l
tunnel-group [External IP] general-attributes
 default-group-policy "Omni Imaging"
tunnel-group [External IP] ipsec-attributes
 pre-shared-key *****
tunnel-group [External IP] type ipsec-l2l
tunnel-group [External IP] general-attributes
 default-group-policy GroupPolicy6
tunnel-group [External IP] ipsec-attributes
 pre-shared-key *****
tunnel-group [External IP] type ipsec-l2l
tunnel-group [External IP] ipsec-attributes
 pre-shared-key *****
tunnel-group [External IP] type ipsec-l2l
tunnel-group [External IP] ipsec-attributes
 pre-shared-key *****
tunnel-group [External IP] type ipsec-l2l
tunnel-group [External IP] general-attributes
 default-group-policy GroupPolicy5
tunnel-group [External IP] ipsec-attributes
 pre-shared-key *****
tunnel-group [External IP] type ipsec-l2l
tunnel-group [External IP] ipsec-attributes
 pre-shared-key *****
tunnel-group bhbremote type remote-access
tunnel-group bhbremote general-attributes
 address-pool Remoteusers
 default-group-policy bhbremote
tunnel-group bhbremote ipsec-attributes
 pre-shared-key *****
tunnel-group BHB_VPN type remote-access
tunnel-group BHB_VPN general-attributes
 address-pool Remoteusers
tunnel-group BHB_VPN ipsec-attributes
 trust-point BHB_ASDM_TrustPoint0
tunnel-group BHB type remote-access
tunnel-group BHB general-attributes
 address-pool (inside) Remoteusers
 address-pool Remoteusers
 default-group-policy remoteaccess
tunnel-group BHB webvpn-attributes
 group-alias BHB enable
 group-url https://[External IP]/BHB enable
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect netbios
  inspect tftp
  inspect ip-options
!
service-policy global_policy global
: end