
Access Branch to Branch by VPN

join_sn09
Level 1

Dear all experts,

Please help me to solve this problem.

Right now my HQ and branch are linked by VPN, but I would like the 2 branches to access each other by VPN (I mean that now all the branches can access HQ only, but branch to branch cannot access).

Could you let me know how I can do it?

Best Regards,

Join

8 Replies

andrew.prince
Level 10

Join,

For the branch sites to be able to communicate with each other via your HQ, add the below config into the HQ VPN device:

same-security-traffic permit intra-interface

This will allow traffic from branch 1 to "hairpin" to branch 2 via HQ.

HTH

Dear HTH,

Thank you for your advice.

After I put in the command that you gave me, it means Branch1 can access Branch2, right? And does it have more security or not?

Best Regards,

Join

That is correct - it allows access from Branch 1 to Branch 2. There is no added security from this; if you want security, I suggest you think about ACLs in the inbound of the inside interface at both locations.

Dear Andrew,

Thank you for your advice.

I understood your advice.

Could you show me an ACL that allows Branch1 to access Branch2? So do we need to add the ACL on the ASA at HQ, Branch1 and Branch2? Which one do we have to add the ACL to?

Best Regards, :)

Join

Dear All and Andrew,

Do you have any advice?

Best Regards,

Norung

What services at Branch 1 and 2 would need to be used?

Are they the same company? Are they the same type of users? Do you need to limit access?

Hi Andrew,

Please help me, I also have the same problem, but even after putting this command on the ASA the issue persists.

Is another command necessary to enable branch to branch communication through the ASA?

Regards,

Marwan ALshawi
VIP Alumni

Hi Join,

First, the solution that has been given by Andrew is 100% the right one,

and I just want to give this link; if you read and follow it, it will let you solve your case 100%, and it is a step-by-step guide:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807f9a89.shtml

Good luck.

Please rate if helpful.
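A configuration sketch of what this thread discusses, added here as an example and not posted by any participant or taken from the linked guide: the hairpin command on the HQ ASA, the crypto ACL entries that must also name the branch-to-branch subnets (the usual reason the single command alone does not work), and an inbound inside-interface ACL at each branch that limits what crosses between branches. All subnets, ACL names, the server address and the port are constructed assumptions.

```cisco
! Constructed addressing (assumption):
!   HQ 10.0.0.0/24, Branch1 10.1.0.0/24, Branch2 10.2.0.0/24
! ACL names are hypothetical. Each crypto ACL is assumed to be the one already
! referenced by that tunnel's "crypto map ... match address" entry.

! ----- HQ ASA -----
! Allow decrypted traffic to leave through the interface it arrived on (hairpin).
same-security-traffic permit intra-interface
! The tunnel to each branch must also carry traffic sourced from the other branch.
access-list CRYPTO-TO-BRANCH1 extended permit ip 10.0.0.0 255.255.255.0 10.1.0.0 255.255.255.0
access-list CRYPTO-TO-BRANCH1 extended permit ip 10.2.0.0 255.255.255.0 10.1.0.0 255.255.255.0
access-list CRYPTO-TO-BRANCH2 extended permit ip 10.0.0.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list CRYPTO-TO-BRANCH2 extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0

! ----- Branch1 ASA -----
! Mirror of CRYPTO-TO-BRANCH1: Branch2's subnet is reached through the HQ tunnel.
access-list CRYPTO-TO-HQ extended permit ip 10.1.0.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list CRYPTO-TO-HQ extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
! Inbound on the inside interface: only HTTPS to one Branch2 server (constructed
! host and port); anything else towards Branch2 is denied and logged.
access-list INSIDE-IN extended permit tcp 10.1.0.0 255.255.255.0 host 10.2.0.10 eq 443
access-list INSIDE-IN extended deny ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0 log
access-list INSIDE-IN extended permit ip 10.1.0.0 255.255.255.0 any
access-group INSIDE-IN in interface inside

! ----- Branch2 ASA -----
! Mirror of CRYPTO-TO-BRANCH2.
access-list CRYPTO-TO-HQ extended permit ip 10.2.0.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list CRYPTO-TO-HQ extended permit ip 10.2.0.0 255.255.255.0 10.1.0.0 255.255.255.0
! Replies to the HTTPS sessions above are allowed statefully, so Branch2 hosts
! need no permit to initiate connections towards Branch1 in this example.
access-list INSIDE-IN extended deny ip 10.2.0.0 255.255.255.0 10.1.0.0 255.255.255.0 log
access-list INSIDE-IN extended permit ip 10.2.0.0 255.255.255.0 any
access-group INSIDE-IN in interface inside
```

Any NAT exemption already applied to HQ-bound VPN traffic has to cover the branch-to-branch subnets as well; its syntax depends on the ASA software version and is left out here.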
