Full Mesh Site-2-site VPN in ASA

mrinmoy.m
Level 1

I have two site-to-site VPNs and also remote VPN clients. I want to create a full mesh between the L2L VPNs and also the remote access clients, so that all sites can access each other and the remote users can also access the sites. How can I achieve this in ASA? I guess same-security-traffic permit intra-interface works, but what are the ACLs to be configured?


pjhenriqs
Level 1

Hi,

It's difficult to explain how to do this without specific IP addressing, but the approach I would follow would be to first configure the site-to-site VPNs and make sure that everything is working. After this, configure the remote access VPN.

If for example the remote users are in 192.168.200.0/24 subnet and you have a VPN site with the 192.168.1.0/24 subnet then you should create an access-list applied on the outside interface (incoming) with the source being 192.168.200.0/24 and the destination 192.168.1.0/24, for traffic from the remote to the site VPN.

You will need to set up the appropriate exempt NATs, but although it's a little messy it works. Ah, and keep that same-security-traffic permit intra-interface rule.

Hope it helps in any way.

Thanks,

Paulo
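The approach described in the reply, written out as an added example of ASA configuration (not taken from the original post or from Cisco documentation). It assumes ASA 8.3+ NAT syntax, the two subnets used in the reply (192.168.200.0/24 for the remote-access pool, 192.168.1.0/24 for the site), and object and ACL names chosen here for illustration; the crypto map and tunnel-group configuration for the existing tunnels is assumed to already exist.

```cisco
! Let decrypted VPN traffic leave on the interface it arrived on (VPN-to-VPN hairpin)
same-security-traffic permit intra-interface

! Subnets from the reply's example (names are illustrative)
object network REMOTE-USERS
 subnet 192.168.200.0 255.255.255.0
object network SITE-A
 subnet 192.168.1.0 255.255.255.0

! NAT exemption for hairpinned traffic: keep the real addresses in both directions,
! otherwise the traffic will not match the tunnel's crypto ACL on the way back out
nat (outside,outside) source static REMOTE-USERS REMOTE-USERS destination static SITE-A SITE-A no-proxy-arp route-lookup

! Interface ACL scoped to exactly the remote pool -> site subnet (least privilege).
! By default the ASA bypasses interface ACLs for VPN traffic (sysopt connection permit-vpn);
! if that bypass has been disabled, this entry is what admits the traffic.
access-list OUTSIDE-IN extended permit ip object REMOTE-USERS object SITE-A
access-group OUTSIDE-IN in interface outside

! The site-A tunnel's crypto ACL must define the remote pool as interesting traffic,
! and the peer at site A must have the mirror entry (192.168.1.0/24 -> 192.168.200.0/24)
access-list L2L-SITE-A extended permit ip object REMOTE-USERS object SITE-A

! Remote-access clients only send traffic for site A through the tunnel if the
! split-tunnel list includes that subnet (assumed group-policy name)
access-list RA-SPLIT standard permit 192.168.1.0 255.255.255.0
group-policy RA-POLICY attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value RA-SPLIT
```

Check the result with `show crypto ipsec sa` on both peers: the encaps/decaps counters for the 192.168.200.0/24 to 192.168.1.0/24 SA should increment when a remote user reaches the site, and `packet-tracer input outside tcp 192.168.200.10 1025 192.168.1.10 22` should end in ALLOW with the NAT phase showing no translation.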