IPsec site2site routing problem



How does the ASA firewall ACL permit traffic for two Cisco 1811 site-to-site IPsec? Site A and B are connected through IPsec. Site A has an ASA firewall, and this firewall is only used to connect to an outsourced application. If I need to permit acl_nonat, do I permit the public or private address of site B? Our problem is that when we used MPLS everything worked fine, but after we switched to IPsec site-to-site it broke. I am able to access everything over the IPsec site-to-site except this outsourced application.

connect2world Sun, 11/16/2008 - 23:25

If I understand correctly, you are trying to get to site A from site B and vice versa? If your spokes are all ASAs, you might want to look at how it is possible from http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00804675ac.shtml, especially the section on Hairpinning or U-turn, for which you need to execute a special command at the hub.

I have a similar problem; to get past this problem, a GRE tunnel was constructed between site A & B. So intersite traffic between A & B goes via this tunnel instead of via the hub. Of course, this is just one of the ways to do this.

