Multiple IPSec VPN routing

Unanswered Question
Feb 7th, 2010


I have multiple site-to-site VPNs and I am trying to make communication work between all the VPN LANs,

meaning one VPN LAN network can communicate with my other VPN LAN network; both are connected to my Cisco ASA 5510.

I have enabled intra-interface security and inter-interface security as well, but no luck.

Is there anything extra that I have to do? Please help me out if anyone has an answer.

Kindly check the attached diagram for the same.

Thanks a lot for your help in advance.

Ivan Martinon Wed, 02/10/2010 - 14:31
Cisco Employee

Besides the same-security commands, you need to make sure your traffic definition is correctly defined on the crypto ACLs for each firewall. As an example, see below:

Central - Network A

Remote 1 - Network B

Remote 2 - Network C

Remote 3 - Network D

If what you need to do is to allow communication from all remotes using Central as the hub, you need to do the following:

Tunnel from Central to Remote 1: A to B

Tunnel from Remote 1 to Central: B to A

Tunnel from Central to Remote 2: A to C

Tunnel from Remote 2 to Central: C to A

If you then need Remote 1 to Remote 2 via Central, the config would be:


A to B

C to B

Remote 1

B to A

B to C

Remote 2

C to A

C to B

And so on...

Let me know if this makes sense. Of course, the NAT exempt ACL should mimic this behavior.
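The rule in the reply above (the hub's crypto ACL for each spoke tunnel must carry the hub LAN plus every other spoke LAN, and each spoke's ACL must be the exact mirror) is easy to get wrong by hand once there are three or four remotes. The script below is an added example, not code from the thread or from Cisco: it generates the ASA `access-list ... extended permit ip` lines for every device from made-up network A/B/C/D addresses and ACL names, and checks that each spoke's ACL mirrors the hub's. The same lines are what the NAT exempt ACL needs.

```python
"""Generate and cross-check hub-and-spoke crypto ACLs (constructed example)."""
from ipaddress import IPv4Network

# Constructed addressing: Central is network A, the remotes are B, C, D.
HUB_NET = IPv4Network("10.0.0.0/24")                   # network A
SPOKES = {                                             # hypothetical names
    "Remote1": IPv4Network("10.1.0.0/24"),             # network B
    "Remote2": IPv4Network("10.2.0.0/24"),             # network C
    "Remote3": IPv4Network("10.3.0.0/24"),             # network D
}

def ace(src, dst):
    """One ASA extended ACE, network/mask form, permitting src -> dst."""
    return (f"permit ip {src.network_address} {src.netmask} "
            f"{dst.network_address} {dst.netmask}")

def hub_crypto_acl(spoke):
    """Central's crypto ACL for its tunnel to `spoke`:
    A -> spoke LAN, plus every other spoke LAN -> spoke LAN (hub relays them)."""
    sources = [HUB_NET] + [n for s, n in SPOKES.items() if s != spoke]
    return [ace(src, SPOKES[spoke]) for src in sources]

def spoke_crypto_acl(spoke):
    """The spoke's crypto ACL for its single tunnel to Central:
    spoke LAN -> A and spoke LAN -> every other spoke LAN."""
    dests = [HUB_NET] + [n for s, n in SPOKES.items() if s != spoke]
    return [ace(SPOKES[spoke], dst) for dst in dests]

def mirror(entry):
    """Swap source and destination of an ACE; this is what the peer must carry."""
    p = entry.split()
    return " ".join(p[:2] + p[4:6] + p[2:4])

def tunnels_are_mirrored():
    """True when every spoke ACL is exactly the mirror of the hub ACL for that tunnel."""
    return all(sorted(map(mirror, hub_crypto_acl(s))) == sorted(spoke_crypto_acl(s))
               for s in SPOKES)

def render(name, entries):
    """Turn ACEs into full ASA access-list lines under ACL name `name`."""
    return [f"access-list {name} extended {e}" for e in entries]

if __name__ == "__main__":
    print("same-security-traffic permit intra-interface   ! needed on Central")
    for s in SPOKES:
        print(f"! Central: crypto ACL (and NAT exempt) for tunnel to {s}")
        print("\n".join(render(f"CRYPTO_{s.upper()}", hub_crypto_acl(s))))
        print(f"! {s}: crypto ACL (and NAT exempt) for tunnel to Central")
        print("\n".join(render("CRYPTO_CENTRAL", spoke_crypto_acl(s))))
    print("mirrored:", tunnels_are_mirrored())
```

If `tunnels_are_mirrored()` returns False after editing the networks, one side of a tunnel has an interesting-traffic entry its peer lacks, which is exactly the mismatch that leaves spoke-to-spoke traffic unencrypted or dropped.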
