Full Mesh Site-2-site VPN in ASA

Unanswered Question
Mar 26th, 2008

I have two site-2-site VPNs and also remote VPN clients. I want to create a full mesh between the L2L VPNs and also the remote access clients, so that all sites can access each other and the remote users can also access the sites. How can I achieve this in ASA? I guess same-security-traffic permit intra-interface works, but what's the ACLs to be configured?

pjhenriqs Wed, 03/26/2008 - 07:15


It's difficult to explain how to do this without specific IP addressing, but the approach I would follow would be to first configure the site-to-site VPNs and make sure that everything is working. After this, configure the remote access VPN.

If, for example, the remote users are in subnet and you have a VPN site with the subnet, then you should create an access-list applied on the outside interface (incoming) with the source being and the destination, for traffic from the remote to the site VPN.

You will need to set up the appropriate exempt NATs, and although it's a little messy, it works. Ah, and keep that same-security-traffic permit intra-interface rule.

Hope it helps in any way.
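The hub-side configuration the reply sketches, written out as an added example (not from the thread or from Cisco). It assumes one ASA terminates both L2L tunnels and the remote-access clients, uses pre-8.3 NAT syntax to match the 2008 date, and uses constructed addresses: hub LAN 10.0.0.0/24, Site A 10.1.0.0/24 behind peer 203.0.113.10, Site B 10.2.0.0/24 behind peer 203.0.113.20, RA pool 10.9.0.0/24. The object names (L2L_SITE_A, NONAT, RA_SPLIT, OUTSIDE_MAP, ESP-AES-SHA, RA_GP) are placeholders.

```cisco
! Added example, constructed addresses and names; not configuration from the thread.
! Lets traffic that arrives on outside (a spoke or RA client) leave again via outside.
same-security-traffic permit intra-interface

! Crypto ACL for the Site A tunnel: every network that must reach Site A through the hub.
access-list L2L_SITE_A extended permit ip 10.0.0.0 255.255.255.0 10.1.0.0 255.255.255.0
access-list L2L_SITE_A extended permit ip 10.2.0.0 255.255.255.0 10.1.0.0 255.255.255.0
access-list L2L_SITE_A extended permit ip 10.9.0.0 255.255.255.0 10.1.0.0 255.255.255.0

! Crypto ACL for the Site B tunnel (same idea, mirrored).
access-list L2L_SITE_B extended permit ip 10.0.0.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list L2L_SITE_B extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list L2L_SITE_B extended permit ip 10.9.0.0 255.255.255.0 10.2.0.0 255.255.255.0

! NAT exemption for every pair of VPN networks. The hairpinned flows enter and leave
! on outside, so the exemption is bound to both inside and outside.
access-list NONAT extended permit ip 10.0.0.0 255.255.255.0 10.1.0.0 255.255.255.0
access-list NONAT extended permit ip 10.0.0.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list NONAT extended permit ip 10.0.0.0 255.255.255.0 10.9.0.0 255.255.255.0
access-list NONAT extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list NONAT extended permit ip 10.1.0.0 255.255.255.0 10.9.0.0 255.255.255.0
access-list NONAT extended permit ip 10.2.0.0 255.255.255.0 10.9.0.0 255.255.255.0
nat (inside) 0 access-list NONAT
nat (outside) 0 access-list NONAT

! Remote-access split tunnel: push the hub LAN and both site LANs to the client.
access-list RA_SPLIT standard permit 10.0.0.0 255.255.255.0
access-list RA_SPLIT standard permit 10.1.0.0 255.255.255.0
access-list RA_SPLIT standard permit 10.2.0.0 255.255.255.0
group-policy RA_GP attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value RA_SPLIT

! Crypto map entries binding each crypto ACL to its peer.
crypto map OUTSIDE_MAP 10 match address L2L_SITE_A
crypto map OUTSIDE_MAP 10 set peer 203.0.113.10
crypto map OUTSIDE_MAP 10 set transform-set ESP-AES-SHA
crypto map OUTSIDE_MAP 20 match address L2L_SITE_B
crypto map OUTSIDE_MAP 20 set peer 203.0.113.20
crypto map OUTSIDE_MAP 20 set transform-set ESP-AES-SHA
crypto map OUTSIDE_MAP interface outside
```

Each spoke's crypto ACL has to mirror its hub entry (Site A permits 10.1.0.0/24 to 10.0.0.0/24, 10.2.0.0/24 and 10.9.0.0/24), or phase 2 will not negotiate for the extra subnets. Note on the interface ACL the reply mentions: with the ASA default `sysopt connection permit-vpn`, decrypted VPN traffic bypasses the outside interface ACL, so the crypto ACLs and NAT exemptions are what actually gate the spoke-to-spoke and client-to-spoke flows; only if you run `no sysopt connection permit-vpn` do matching permits on the outside ACL become necessary. On ASA 8.3 and later the NAT exemption is written as twice NAT instead, e.g. `nat (inside,outside) source static HUB_LAN HUB_LAN destination static SITE_A SITE_A` with `(outside,outside)` for the hairpinned pairs.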
