Traffic from one VPN to VPN

Unanswered Question
Jan 19th, 2010


I have the following scenario:

USER1 ----- Site2Site IPSec VPN--------|ASA with DMZ| ---------------Site2Site IPSec VPN-------- USER2

USER1 LAN: /24

USER2 LAN: /24

ASA DMZ network: /24

Both users can access the servers in the DMZ from their LANs.

Now I want both users to see each other's LANs in addition to the DMZ. How should I modify the access-lists for this to work?

Thanks in advance


carlosv Tue, 01/19/2010 - 17:40

Forgot to mention... both users still need access to the DMZ on the ASA. It seems so simple to just add a line on the access-lists for the encryption domains on each USER LAN to the other. But how should the access-lists on the ASA look for this to work?

Unfortunately, a direct tunnel from USER1 to USER2 is not an option.

This looks like a CCIE Sec question. heh.

Thanks in advance.

