01-13-2010 12:42 AM
Hi,
I have 2 site-site VPN connections to my ASA 5510 version 8.0(4).
However, now I wish to have connectivity between both remote sites.
How can I proceed with it?
01-13-2010 04:30 PM
You need to configure the following command.
same-security-traffic permit intra-interface
This will allow communications between your VPNs - however you will need to amend any VPN ACLs (used in crypto map) to permit traffic between the respective peer networks.
Alex
01-13-2010 05:47 PM
Let's say you have router A, B, and C. You already have a tunnel between A<=>B and a tunnel between A<=>C. You now want traffic between B<=>C. You can either...
1. Send the traffic between B and C through A. This would mean adding "same-security-traffic permit intra-interface" on A so that the traffic that comes in the outside interface of A can also leave out the outside interface of A since it will need to be redirected. And you should adjust the crypto maps on all 3 devices:
-On A, permit B-->C and C-->B
-On B, permit B-->C
-On C, permit C-->B
or
2. Just define the crypto on B and C (and don't send it through A)
-On B, permit B-->C
-On C, permit C-->B
-heather
01-13-2010 07:43 PM
Thanks for the reply.
However, after adding those and trying to re-establish the VPN link, it still doesn't work.
Do you know if there's anything else I missed out?
1) A (ASA) - added the crypto to allow B -> C and C->B and same-security-traffic permit intra-interface command
2) On the router of B - added additional access-list of C network
3) On the router of C - added additional access-list of B network
01-14-2010 12:48 AM
Without seeing your configuration it is difficult to work out the issue - if you use NAT/PAT on your B and C firewalls - then you may need to update nat-exemption policies for the relevant networks. If you still need further help - can you cut and paste the relevant parts of your configuration - specifically the crypto maps, NAT policies and associated ACLs for each firewall
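The hub-relay option (B<=>C through A) discussed in the replies above, laid out as configuration. This is an added example, not part of the thread or any poster's configuration: the subnets (A=10.1.0.0/24, B=10.2.0.0/24, C=10.3.0.0/24), the ACL names and the crypto map name are constructed, and B and C are assumed to be IOS routers running PAT.

```cisco
! Constructed addressing: A=10.1.0.0/24, B=10.2.0.0/24, C=10.3.0.0/24
! ACL names and crypto map name are hypothetical.

! --- Hub A (ASA 8.0) ---
! Let traffic that arrives on the outside interface leave on the same interface
same-security-traffic permit intra-interface
! Tunnel A<=>B: existing A->B entry, plus C->B for the relayed traffic
access-list VPN-TO-B extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list VPN-TO-B extended permit ip 10.3.0.0 255.255.255.0 10.2.0.0 255.255.255.0
! Tunnel A<=>C: existing A->C entry, plus B->C for the relayed traffic
access-list VPN-TO-C extended permit ip 10.1.0.0 255.255.255.0 10.3.0.0 255.255.255.0
access-list VPN-TO-C extended permit ip 10.2.0.0 255.255.255.0 10.3.0.0 255.255.255.0
crypto map OUTSIDE-MAP 10 match address VPN-TO-B
crypto map OUTSIDE-MAP 20 match address VPN-TO-C

! --- Spoke B (IOS router) ---
! Crypto ACL for the tunnel to A: existing B->A entry, plus B->C
ip access-list extended VPN-TO-A
 permit ip 10.2.0.0 0.0.0.255 10.1.0.0 0.0.0.255
 permit ip 10.2.0.0 0.0.0.255 10.3.0.0 0.0.0.255
! NAT exemption: assumed to be the ACL the router's existing PAT rule references.
! The deny lines keep VPN-bound traffic untranslated so it still matches the crypto ACL.
ip access-list extended NAT-OUT
 deny   ip 10.2.0.0 0.0.0.255 10.1.0.0 0.0.0.255
 deny   ip 10.2.0.0 0.0.0.255 10.3.0.0 0.0.0.255
 permit ip 10.2.0.0 0.0.0.255 any

! --- Spoke C (IOS router): mirror image of B ---
ip access-list extended VPN-TO-A
 permit ip 10.3.0.0 0.0.0.255 10.1.0.0 0.0.0.255
 permit ip 10.3.0.0 0.0.0.255 10.2.0.0 0.0.0.255
ip access-list extended NAT-OUT
 deny   ip 10.3.0.0 0.0.0.255 10.1.0.0 0.0.0.255
 deny   ip 10.3.0.0 0.0.0.255 10.2.0.0 0.0.0.255
 permit ip 10.3.0.0 0.0.0.255 any
```

Each crypto ACL entry on a spoke needs an exact mirror on the hub, scoped to the specific subnets rather than `any`. After the change, `show crypto ipsec sa` on each device should list a separate SA pair for the B<=>C networks.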