Multiple IPSec VPN routing

Unanswered Question
Feb 7th, 2010

Hi,


I have multiple site-to-site VPNs and I am trying to make all the VPN LANs communicate with each other,

meaning one VPN LAN network can communicate with my other VPN LAN network; both are connected to my Cisco ASA 5510.


I have enabled intra-interface and inter-interface security as well, but no LUCK.


Is there anything extra I have to do? Please help me out if anyone has an answer.


Kindly check the attached diagram for the same.


Thanks a lot for help in advance.


[email protected]

Ivan Martinon Wed, 02/10/2010 - 14:31

Besides the same-security-traffic commands, you need to make sure your traffic definition is correctly defined in the crypto ACLs on each firewall. As an example, see below:


Central - Network A

Remote 1 - Network B

Remote 2 - Network C

Remote 3 - Network D


If what you need is to allow communication from all remotes using Central as the hub, you need to do the following:


tunnel from Central to Remote 1


A to B


tunnel from Remote 1 to Central


B to A


Tunnel from Central to Remote 2


A to C


Tunnel from Remote 2 to Central


C to A


If you then need Remote 1 to Remote 2 via Central, the config would be:


Central:


A to B

C to B


Remote 1


B to A

B to C


Remote 2


C to A

C to B


And so on...


Let me know if this makes sense. Of course, the NAT exempt ACL should mimic this behavior.
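The hub-and-spoke layout described in the answer above, written out as ASA 8.2-style configuration. This is an added example, not configuration posted by the original asker or answerer; the network prefixes (A = 10.1.0.0/24, B = 10.2.0.0/24, C = 10.3.0.0/24), the peer addresses (203.0.113.x), and the ACL, crypto map and transform-set names are all assumed for illustration. Only Central and Remote 1 are shown; Remote 2 mirrors Remote 1 with B and C swapped.

```cisco
! ===== Central (hub, LAN A = 10.1.0.0/24, assumed) =====
! Required so traffic can enter and leave the same (outside) interface
! when Remote 1 talks to Remote 2 through the hub.
same-security-traffic permit intra-interface

! Crypto ACL for the tunnel to Remote 1: everything the hub will send
! INTO that tunnel, i.e. A -> B and (hairpinned) C -> B.
access-list CRYPTO_TO_R1 extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list CRYPTO_TO_R1 extended permit ip 10.3.0.0 255.255.255.0 10.2.0.0 255.255.255.0

! Crypto ACL for the tunnel to Remote 2: A -> C and (hairpinned) B -> C.
access-list CRYPTO_TO_R2 extended permit ip 10.1.0.0 255.255.255.0 10.3.0.0 255.255.255.0
access-list CRYPTO_TO_R2 extended permit ip 10.2.0.0 255.255.255.0 10.3.0.0 255.255.255.0

! NAT exemption must cover the same flows, or the ASA translates them
! before the crypto ACL is evaluated and the tunnel never matches.
access-list NONAT_INSIDE extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list NONAT_INSIDE extended permit ip 10.1.0.0 255.255.255.0 10.3.0.0 255.255.255.0
nat (inside) 0 access-list NONAT_INSIDE
! Spoke-to-spoke traffic arrives on outside and leaves on outside,
! so its exemption is bound to the outside interface (both directions).
access-list NONAT_OUTSIDE extended permit ip 10.2.0.0 255.255.255.0 10.3.0.0 255.255.255.0
access-list NONAT_OUTSIDE extended permit ip 10.3.0.0 255.255.255.0 10.2.0.0 255.255.255.0
nat (outside) 0 access-list NONAT_OUTSIDE

crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac
crypto map OUTSIDE_MAP 10 match address CRYPTO_TO_R1
crypto map OUTSIDE_MAP 10 set peer 203.0.113.2
crypto map OUTSIDE_MAP 10 set transform-set ESP-AES-SHA
crypto map OUTSIDE_MAP 20 match address CRYPTO_TO_R2
crypto map OUTSIDE_MAP 20 set peer 203.0.113.3
crypto map OUTSIDE_MAP 20 set transform-set ESP-AES-SHA
crypto map OUTSIDE_MAP interface outside

! ===== Remote 1 (spoke, LAN B = 10.2.0.0/24, assumed) =====
! Exact mirror image of CRYPTO_TO_R1 on the hub: B -> A and B -> C.
! A one-sided entry (present on the hub, missing here) is the usual
! reason a spoke-to-spoke flow fails while hub traffic still works.
access-list CRYPTO_TO_HUB extended permit ip 10.2.0.0 255.255.255.0 10.1.0.0 255.255.255.0
access-list CRYPTO_TO_HUB extended permit ip 10.2.0.0 255.255.255.0 10.3.0.0 255.255.255.0

access-list NONAT_INSIDE extended permit ip 10.2.0.0 255.255.255.0 10.1.0.0 255.255.255.0
access-list NONAT_INSIDE extended permit ip 10.2.0.0 255.255.255.0 10.3.0.0 255.255.255.0
nat (inside) 0 access-list NONAT_INSIDE

crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac
crypto map OUTSIDE_MAP 10 match address CRYPTO_TO_HUB
crypto map OUTSIDE_MAP 10 set peer 203.0.113.1
crypto map OUTSIDE_MAP 10 set transform-set ESP-AES-SHA
crypto map OUTSIDE_MAP interface outside
```

Two things to check after applying this. First, `show crypto ipsec sa` on the hub should list a separate SA per crypto ACL line, so a working B-to-C path shows an SA for 10.3.0.0/24 to 10.2.0.0/24 in the Remote 1 map entry and one for 10.2.0.0/24 to 10.3.0.0/24 in the Remote 2 entry; if only the A-to-B and A-to-C SAs appear, the spoke ACLs are not mirrored. Second, `packet-tracer input outside tcp 10.2.0.10 1025 10.3.0.10 80` on the hub walks the hairpinned flow through the same-security, NAT and VPN phases and shows which one drops it. The `nat (interface) 0 access-list` form above is ASA 8.2 and earlier, which matches the February 2010 date of the thread; on ASA 8.3 and later the NAT exemption is expressed instead as a twice-NAT identity rule of the form `nat (inside,outside) source static NET_A NET_A destination static NET_B NET_B`, with the spoke-to-spoke rule written between `outside` and `outside`.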
