Hey guys

Have something I've been thinking about for a while. For an example, we have two sites that are both setup with 2860n routers with LAN to LAN VPN. It works great, they can access each other's subnet, no problem at all.

Now Site 1 is hosting a web server, using an open port of port 80 set to the web server's local IP. If I try and access that website (routing to Site1:80) from an external broadband connection, it works fine. It also works fine from Site 1 (accessing itself). From Site 2, trying to access that website (Site1:80) redirects the traffic through the VPN interface rather than going out the WAN1 interface, as in the routing table Site1's IP is directly connected via the VPN interface, and any traffic to Site1:80 from Site 2 dies (no connection). I guess the router at Site1 is saying, since the traffic came in via VPN interface and not WAN1 interface, I don't know to redirect this to the local web server. Is there any way to get it to do that, or am I stuck that any LAN to LAN VPN Site's will not be able to access the open internet facing ports of any other LAN to LAN VPN Site?

Many thanks for reading, hope it's clear what I'm looking to do

On both VPN tunnel profiles is MY WAN IP and Remote Gateway IP set to 0.0.0.0 ?

It wasn't no, I'd set them manually to the appropriate IPs. Setting on both profiles to 0.0.0.0 has resolved my issue

You have no idea how grateful I am, saved me a lot of headaches. Thank you very much!

Hi there I am having a similar issue as this.

Site A - 3900 >>IPSec VPN>>> Site B - ASA both local subnets are NAT'd to a virtual subnet 10.240.121.0

If i telnet from external address to server on say public IP + port 51022 then connection allowed. But if i try from site B to site A servers internal VIP 10.240.121.111 (real IP 192.168.132.111) then the connection fails.

Is that a problem with ports opening when coming in over VPN, NAT'ing on the VPN or as described as above.