Traffic from one VPN to VPN

Unanswered Question
Jan 19th, 2010

Hi!

I have the following scenario:

USER1 ----- Site2Site IPSec VPN--------|ASA with DMZ| ---------------Site2Site IPSec VPN-------- USER2

USER1 LAN: 192.168.10.0 /24

USER2 LAN: 172.16.1.0 /24

ASA DMZ network: 10.10.10.0 /24

Both users can access the servers in the DMZ from their LANs.

Now I want both users to see each other's LANs in addition to the DMZ. How should I modify the access-lists for this to work?

Thanks in advance

Carlos

carlosv Tue, 01/19/2010 - 17:40

Forgot to mention... both users still need access to the DMZ on the ASA. It seems so simple to just add a line on the access-lists for the encryption domains on each USER LAN to the other. But how should the access-lists on the ASA look for this to work?

Unfortunately, a direct tunnel from USER1 to USER2 is not an option.

This looks like a CCIE Sec question. heh.

Thanks in advance.
