
VPN Site-Site issue

robbie.teo
Level 1

Hi,

I have 2 site-site VPN connections to my ASA 5510 version 8.0(4).

However, now I wish to have connectivity between both remote sites.

How can I proceed with it?

4 Replies

gammatel1
Level 1

You need to configure the following command.

same-security-traffic permit intra-interface

This will allow communications between your VPNs - however you will need to amend any VPN ACLs (used in crypto map) to permit traffic between the respective peer networks.

Alex

hdashnau
Cisco Employee

Let's say you have router A, B, and C. You already have a tunnel between A<=>B and a tunnel between A<=>C. You now want traffic between B<=>C. You can either....

1. Send the traffic between B and C through A. This would mean adding "same-security-traffic permit intra-interface" on A so that the traffic that comes in the outside interface of A can also leave out the outside interface of A since it will need to be redirected. And you should adjust the crypto maps on all 3 devices:

-On A, permit B-->C and C-->B

-On B, permit B-->C

-On C, permit C-->B

or

2. Just define the crypto on B and C (and don't send it through A)

-On B, permit B-->C

-On C, permit C-->B

-heather

Thanks for the reply.

However, after adding those and trying to re-establish the VPN link, it still doesn't work.

Do you know if there's anything else I missed out?

1) A (ASA) - added the crypto to allow B -> C and C->B  and same-security-traffic permit intra-interface command

2) On the router of B - added additional access-list of C network

3) On the router of C - added additional access-list of B network

Without seeing your configuration it is difficult to work out the issue - if you use NAT/PAT on your B and C firewalls - then you may need to update nat-exemption policies for the relevant networks. If you still need further help - can you cut and paste the relevant parts of your configuration - specifically the crypto maps, NAT policies and associated ACLs for each firewall?
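The hub-side changes for option 1 in the thread, written out as an added example that is not part of any poster's reply. All addresses, peer IPs, ACL names and the crypto map name are constructed assumptions, and the transform set and interface binding of the existing crypto map are assumed to be in place already:

```cisco
! Constructed addressing (assumptions, not from the thread):
!   Site A LAN 10.1.0.0/24 (behind the ASA hub)
!   Site B LAN 10.2.0.0/24, peer 198.51.100.2
!   Site C LAN 10.3.0.0/24, peer 203.0.113.3
! ACL names and the crypto map name OUTSIDE-MAP are hypothetical.

! Let traffic that arrives on the outside interface (decrypted from one
! tunnel) leave again on the same interface (encrypted into the other).
same-security-traffic permit intra-interface

! Crypto ACL for the tunnel to B: everything A must encrypt toward B.
! The second entry is the new one (C --> B through the hub).
access-list VPN-TO-B extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list VPN-TO-B extended permit ip 10.3.0.0 255.255.255.0 10.2.0.0 255.255.255.0

! Crypto ACL for the tunnel to C: the second entry is new (B --> C).
access-list VPN-TO-C extended permit ip 10.1.0.0 255.255.255.0 10.3.0.0 255.255.255.0
access-list VPN-TO-C extended permit ip 10.2.0.0 255.255.255.0 10.3.0.0 255.255.255.0

! Existing crypto map entries, shown only to tie each ACL to its peer.
crypto map OUTSIDE-MAP 10 match address VPN-TO-B
crypto map OUTSIDE-MAP 10 set peer 198.51.100.2
crypto map OUTSIDE-MAP 20 match address VPN-TO-C
crypto map OUTSIDE-MAP 20 set peer 203.0.113.3

! The spokes must carry the exact mirror image, or the new phase 2
! security associations will not negotiate:
!   On B, crypto ACL toward A: 10.2.0.0/24 -> 10.1.0.0/24
!                              10.2.0.0/24 -> 10.3.0.0/24   (new)
!   On C, crypto ACL toward A: 10.3.0.0/24 -> 10.1.0.0/24
!                              10.3.0.0/24 -> 10.2.0.0/24   (new)
! If B or C apply NAT/PAT, the same new source/destination pair must
! also be exempted from NAT there, so the packet still matches the
! crypto ACL when it reaches the encryption step.
! Keep each entry scoped to the subnets that need to talk; a broad
! "any" entry on the hub would relay far more than B <-> C.
```

After the tunnels re-negotiate, `show crypto ipsec sa` on the hub should list a separate security association for each of the two new network pairs, with encaps and decaps counters both increasing when the sites exchange traffic.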
