Routing Traffic from Remote Access VPNs over Site to Site VPNs

Far Side

I have a client with 3 remote offices. Let's call them A, B and C. These offices are tied together in a "mesh" fashion with site to site IPSec VPN tunnels on ASA 5510s. Everything there works fine. Site A is 10.0.1.0/24, Site B is 192.168.1.0/24 and site C is 192.168.200.0/24.

They have about 30 remote "field" users that connect into office "A" via Cisco IPSec VPN client and get a 172.16.1.0/24 address.

Recently they installed a couple servers at site B and C that these remote access users require access to while connected to the remote VPN to site "A".

Is it possible to somehow route or allow traffic from the remote access VPN users over the site to site VPNs?

If so, any input on how to configure this? Just a basic abstract would help. Again they are using a single ASA at each site to complete their topology.

Any input is greatly appreciated.
 
Probably need to set a route at the remote sites for the VPN pool subnet. Also, would need to add the remote site networks to the tunnel list for the remote VPN.
 
I do it but not with Cisco... For me it was pretty straightforward.

I think.. and I could be way off here, but I think you would just need to add your remote subnets into your split tunnel ACL. I would think because you already have your site to site VPNs set up that it might just route across. The only thing that you may have to do on your remote ends is put in a route to your VPN client subnet (mine is the same as my LAN).
 
FYI people wanting to access Site B are going to get screwed, a LOT of networks your remote users are going to run across are going to be running a 192.168.1.0/24 network, especially if accessing from home or a small business, in my experience.
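
An added example, not part of the thread: a small Python audit that checks the three points raised in the replies (split tunnel list, return path for the VPN pool at each site, and client LAN overlap) against the addressing in the original post. It assumes the site to site tunnels are policy-based and models each one as (local, remote) selector pairs; `HUB`, the function names and the `BEFORE_*` sample data are constructed for illustration.

```python
import ipaddress

# Addressing from the thread; all other values are constructed for the example.
SITES = {"A": "10.0.1.0/24", "B": "192.168.1.0/24", "C": "192.168.200.0/24"}
VPN_POOL = ipaddress.ip_network("172.16.1.0/24")
HUB = "A"  # site where the remote access clients terminate

def covered(target, networks):
    """True if target lies entirely inside one of the listed networks."""
    return any(target.subnet_of(ipaddress.ip_network(n)) for n in networks)

def audit(split_tunnel, selectors, client_lan):
    """Return findings for the three points raised in the replies.

    split_tunnel: networks pushed to remote access clients
    selectors:    {site: [(local_net, remote_net), ...]} for that site's tunnels
    client_lan:   network the remote user is physically connected to
    """
    findings = []
    lan = ipaddress.ip_network(client_lan)
    for site, cidr in SITES.items():
        site_net = ipaddress.ip_network(cidr)
        if not covered(site_net, split_tunnel):
            findings.append(f"split tunnel list does not include site {site} ({cidr})")
        if site != HUB:
            # The hub must send pool->site into the tunnel and the site must mirror it.
            for where, pair in ((HUB, (VPN_POOL, site_net)), (site, (site_net, VPN_POOL))):
                have = [(ipaddress.ip_network(loc), ipaddress.ip_network(rem))
                        for loc, rem in selectors.get(where, [])]
                if not any(pair[0].subnet_of(loc) and pair[1].subnet_of(rem)
                           for loc, rem in have):
                    findings.append(f"site {where} has no selector {pair[0]} -> {pair[1]}")
        if lan.overlaps(site_net):
            findings.append(f"client LAN {lan} overlaps site {site} ({cidr})")
    return findings

# Constructed "before" state: mesh tunnels only, split tunnel lists site A only.
BEFORE_SPLIT = ["10.0.1.0/24"]
BEFORE_SELECTORS = {
    "A": [("10.0.1.0/24", "192.168.1.0/24"), ("10.0.1.0/24", "192.168.200.0/24")],
    "B": [("192.168.1.0/24", "10.0.1.0/24"), ("192.168.1.0/24", "192.168.200.0/24")],
    "C": [("192.168.200.0/24", "10.0.1.0/24"), ("192.168.200.0/24", "192.168.1.0/24")],
}

if __name__ == "__main__":
    for finding in audit(BEFORE_SPLIT, BEFORE_SELECTORS, "192.168.1.0/24"):
        print(finding)
```

Once the pool selectors and split tunnel entries are added, the only finding left for a user on a 192.168.1.0/24 home network is the overlap with site B, which no change to the tunnel lists removes.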
 