Client to Client Communication through VPN tunnels

By mddavis
Our company is trying to set up our laptops to use soft phones so that we can communicate when we aren't at our desks. We have been able to set up conversations via our intranet and with one person outside VPNing in and the other person on the inside but are having trouble with setting up communications between two people that are attempting to establish a call when they are both using VPN to enter our network.

We are using an ASA as our VPN concentrator, and through some research I have come to a limited understanding of something that might solve the problem, but I need help with clarification.

From what I understand I need to put in the command "same-security-traffic permit intra-interface" to allow traffic to go back out the same interface it came in.

Also, it looks as if I need to set up a policy to allow split tunneling. The thing is one document I saw said that the ACL for that policy needs to specify the inside network addresses and another said I needed to specify the VPN pool addresses.

Can anyone please help with confirmation of which is the correct method so I can get this working?



Why not both?

by tmalo627 In reply to Client to Client Communic ...

I'm not familiar with ASA specifically, but with the VPN server I use at work (Zywall), the VPN networks have to be defined as well as creating a firewall rule to allow traffic to and from the appropriate networks and subnets.

Let me know if this helps.


Not exactly...

by mddavis In reply to Why not both?

I appreciate the reply but I don't really want to put in both if it's not needed. I'm just trying to find out specifics on exactly what I have to open up to define the exact rules I need to open but no more.

The VPNs are defined and they work fine; it's just that people who are both coming in on VPN connections can't communicate directly with each other via a soft phone program.

I know that I need to add the "same-security-traffic permit intra-interface" command to allow the traffic to exit back out the same interface it came in, but I'm not positive that I need to add the split tunneling configuration and, if so, exactly which networks I need to define. That's what I was hoping to get answered.

Thanks for the response but it didn't really answer my question. :)
