Access Branch to Branch by VPN

Unanswered Question
Aug 19th, 2008

Dear all experts,

Please help me to solve this problem.

Right now my HQ and branches are linked by VPN, but I would like the 2 branches to access each other by VPN (I mean that now all the branches can access HQ only, but branch to branch cannot access).

Could you let me know how I can do it?

Best Regards,


andrew.prince@m... Tue, 08/19/2008 - 00:59


For the branch sites to be able to communicate with each other via your HQ, add the below config to the HQ VPN device:

same-security-traffic permit intra-interface

This will allow traffic from branch 1 to "hairpin" to branch 2 via HQ.


join_sn09 Tue, 08/19/2008 - 02:33

Dear HTH,

Thank you for your advice.

After I put in the command that you gave me, it means Branch1 can access Branch2, right? And does it have more security or not?

Best Regards,


andrew.prince@m... Tue, 08/19/2008 - 02:40

That is correct - it allows access from Branch 1 to Branch 2. There is no added security from this. If you want security, I suggest you think about ACLs in the inbound of the inside interface at both locations.

join_sn09 Tue, 08/19/2008 - 18:23

Dear Andrew,

Thank you for your advice.

I understood your advice.

Could you show me an ACL that allows Branch1 to access Branch2? So do we need to add ACLs on the ASA at HQ, Branch1 and Branch2? Which one do we have to add the ACL to?

Best Regards, :)


join_sn09 Wed, 08/20/2008 - 18:07

Dear All and Andrew,

Do you have any advice?

Best Regards,


andrew.prince@m... Thu, 08/21/2008 - 00:36

What services at Branch 1 and 2 would need to be used?

Are they the same company? Are they the same type of users? Do you need to limit access?
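
The hairpin command and the inside-interface ACL discussed in this thread, put together as an added example that is not part of any post above. The subnets, the Branch 2 server address, the single HTTPS service and the ACL names are all assumptions made for illustration.

```cisco
! Constructed addressing, not taken from the thread:
!   HQ LAN 10.0.0.0/24, Branch 1 LAN 10.1.0.0/24, Branch 2 LAN 10.2.0.0/24
! ACL names (VPN_TO_HQ, VPN_TO_BR1, INSIDE_IN) are hypothetical.

! --- HQ ASA: allow traffic to leave the interface it arrived on (hairpin) ---
same-security-traffic permit intra-interface

! --- HQ ASA: the tunnel toward Branch 1 must also match Branch 2 traffic ---
access-list VPN_TO_BR1 extended permit ip 10.0.0.0 255.255.255.0 10.1.0.0 255.255.255.0
access-list VPN_TO_BR1 extended permit ip 10.2.0.0 255.255.255.0 10.1.0.0 255.255.255.0

! --- Branch 1 ASA: mirror of the HQ entries, so Branch 2 traffic is encrypted ---
access-list VPN_TO_HQ extended permit ip 10.1.0.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list VPN_TO_HQ extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0

! --- Branch 1 ASA: inbound ACL on the inside interface ---
! Assumed requirement: Branch 1 users reach only HTTPS on one Branch 2 server.
access-list INSIDE_IN extended permit tcp 10.1.0.0 255.255.255.0 host 10.2.0.10 eq https
! Log and drop every other Branch 1 to Branch 2 flow.
access-list INSIDE_IN extended deny ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0 log
! Keep HQ and Internet access as before; an applied ACL ends in an implicit deny.
access-list INSIDE_IN extended permit ip any any
access-group INSIDE_IN in interface inside
```

Branch 2 needs the equivalent entries with the subnets swapped, and HQ needs the matching crypto ACL toward Branch 2. If a branch exempts VPN traffic from NAT, that exemption needs the other branch's subnet as well.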

