connectivity between VPN sites

Aug 10th, 2009

I have two 5505 ASAs connecting back to a central 5520 ASA via the easy vpn remote option. Each of the 5505s is on its own network. How do I get network connectivity between the two remote sites? Thanks in advance.

JORGE RODRIGUEZ Mon, 08/10/2009 - 09:23


You can accomplish connectivity to both remote sites via the central 5520 ASA simply by tailoring your nonat exempt rules pertaining to your L2L ASA tunnels at both spoke ASAs and adding same-security-traffic permit intra-interface at the central ASA 5520.

Here is an example that depicts your scenario.

You may also reference this thread

Regards

Wed, 08/12/2009 - 11:19

Does this also apply to remote access VPN tunnels vs. an L2L (site-to-site) tunnel? The remote site's public address is dynamically assigned...

JORGE RODRIGUEZ Wed, 08/12/2009 - 13:32

Yes, it also applies to remote access VPN tunnels.

You should note, however, that if a spoke site is dynamic towards the hub ASA 5520, obviously that dynamic spoke must bring the tunnel up first in order for the other spokes to have access among themselves via the hub, including the spoke with the dynamically assigned public address.
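
A way to check the two settings named in the answers above, as an added example that is not part of the original thread: the script verifies that the hub configuration contains same-security-traffic permit intra-interface and that each spoke's NAT-exemption ACL covers the other spoke's LAN. The configurations, the ACL name NONAT and all subnets are constructed, and the pre-8.3 "nat (inside) 0 access-list" syntax is an assumption.

```python
import ipaddress
import re

# Constructed sample configs (assumed pre-8.3 ASA syntax); all addresses are made up.
HUB = "same-security-traffic permit intra-interface\n"
SPOKE_A = """\
access-list NONAT extended permit ip 192.168.10.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list NONAT extended permit ip 192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0
nat (inside) 0 access-list NONAT
"""
SPOKE_B = """\
access-list NONAT extended permit ip 192.168.20.0 255.255.255.0 10.0.0.0 255.255.255.0
nat (inside) 0 access-list NONAT
"""
# Only "network mask network mask" entries are parsed; "any"/"host" forms are ignored.
Q = r"(\d+\.\d+\.\d+\.\d+)"
ACE = re.compile(rf"^access-list (\S+) extended permit ip {Q} {Q} {Q} {Q}\s*$", re.M)
NAT0 = re.compile(r"^nat \(\S+\) 0 access-list (\S+)\s*$", re.M)

def hub_allows_hairpin(cfg):
    """True if the hub may send traffic back out the interface it arrived on."""
    lines = [line.strip() for line in cfg.splitlines()]
    return "same-security-traffic permit intra-interface" in lines

def exempt_pairs(cfg):
    """(source, destination) networks in ACLs referenced by a 'nat ... 0' rule."""
    acls = set(NAT0.findall(cfg))
    return [(ipaddress.ip_network(f"{s}/{sm}", strict=False),
             ipaddress.ip_network(f"{d}/{dm}", strict=False))
            for name, s, sm, d, dm in ACE.findall(cfg) if name in acls]

def spoke_exempts(cfg, local, remote):
    """True if local -> remote traffic is exempt from NAT on this spoke."""
    local, remote = ipaddress.ip_network(local), ipaddress.ip_network(remote)
    return any(local.subnet_of(s) and remote.subnet_of(d) for s, d in exempt_pairs(cfg))

def audit(hub, spokes):
    """spokes: {name: (config, lan)}. Returns findings; an empty list means OK."""
    findings = []
    if not hub_allows_hairpin(hub):
        findings.append("hub: missing same-security-traffic permit intra-interface")
    for name, (cfg, lan) in spokes.items():
        for other, (_, other_lan) in spokes.items():
            if other != name and not spoke_exempts(cfg, lan, other_lan):
                findings.append(f"{name}: no NAT exemption {lan} -> {other_lan}")
    return findings

SPOKES = {"spoke-a": (SPOKE_A, "192.168.10.0/24"), "spoke-b": (SPOKE_B, "192.168.20.0/24")}
```

With the constructed input, audit(HUB, SPOKES) reports that spoke-b lacks an exemption towards spoke-a's LAN, which is the gap that leaves spoke-to-spoke traffic broken in one direction.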


