Multiple IPSec VPN routing

Unanswered Question
Feb 7th, 2010


I have multiple site-to-site VPNs and I am trying to make communication possible between all the VPN LANs,

meaning one VPN LAN network can communicate with my other VPN LAN network; both are connected to my Cisco ASA 5510.

I have enabled intra-interface security and inter-interface security as well, but no luck.

Is there anything extra that I have to do? Please help me out if anyone has an answer.

Kindly check the attached diagram for the same.

Thanks a lot for help in advance.

Ivan Martinon Wed, 02/10/2010 - 14:31

Besides the same-security commands, you need to make sure your traffic definition is correctly defined in the crypto ACLs for each firewall; as an example, see below:

Central - Network A

Remote 1 - Network B

Remote 2 - Network C

Remote 3 - Network D

If what you need to do is to allow communication from all remotes using the Central as the hub, you need to do the following:

Tunnel from Central to Remote 1: A to B

Tunnel from Remote 1 to Central: B to A

Tunnel from Central to Remote 2: A to C

Tunnel from Remote 2 to Central: C to A

If you then need Remote 1 to Remote 2 via the Central one, the config would be:

Central

A to B

C to B

Remote 1

B to A

B to C

Remote 2

C to A

C to B

And so on...

Let me know if this makes sense; of course, the NAT exempt ACL should mimic this behavior.
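The point of the answer above is that spoke-to-spoke traffic through the hub only works if the crypto ACL on every device along the hairpinned path contains the extra network pair, and the two ends of each tunnel mirror each other (otherwise phase 2 never negotiates a matching SA). The following checker is an added example, not code from the original thread or from Cisco: it parses ASA-style `access-list ... extended permit ip` lines from a constructed hub and two spoke configs (hypothetical addressing: Central A = 10.1.0.0/24, Remote 1 B = 10.2.0.0/24, Remote 2 C = 10.3.0.0/24), reports where the spoke ACL does not mirror the hub ACL, walks the B-to-C path hop by hop to list the missing entries, and finally checks that the hub's NAT exempt ACL (assumed to be named NONAT) covers every crypto ACL entry, as the answer recommends. Remote 2's config is deliberately missing its "C to B" line so there is something to find. The `same-security-traffic permit intra-interface` setting the poster already has is still required on the hub for the hairpin; this script only covers the ACL side.

```python
"""Crypto-ACL consistency checker for hub-and-spoke IPsec on ASA-style configs (added example)."""
import ipaddress
import re
from typing import Dict, List, Set, Tuple

Net = ipaddress.IPv4Network
Pair = Tuple[Net, Net]

# Constructed sample configs with hypothetical addressing (not from the original thread).
# Central LAN A = 10.1.0.0/24, Remote 1 LAN B = 10.2.0.0/24, Remote 2 LAN C = 10.3.0.0/24.
HUB_CONFIG = """
access-list HUB-TO-R1 extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list HUB-TO-R1 extended permit ip 10.3.0.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list HUB-TO-R2 extended permit ip 10.1.0.0 255.255.255.0 10.3.0.0 255.255.255.0
access-list HUB-TO-R2 extended permit ip 10.2.0.0 255.255.255.0 10.3.0.0 255.255.255.0
access-list NONAT extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list NONAT extended permit ip 10.1.0.0 255.255.255.0 10.3.0.0 255.255.255.0
"""
SPOKE_CONFIGS = {
    "Remote 1": """
access-list R1-TO-HUB extended permit ip 10.2.0.0 255.255.255.0 10.1.0.0 255.255.255.0
access-list R1-TO-HUB extended permit ip 10.2.0.0 255.255.255.0 10.3.0.0 255.255.255.0
""",
    # Remote 2 deliberately lacks its "C to B" entry so the checker has something to report.
    "Remote 2": """
access-list R2-TO-HUB extended permit ip 10.3.0.0 255.255.255.0 10.1.0.0 255.255.255.0
""",
}
# spoke name -> (hub-side crypto ACL name, spoke-side crypto ACL name, spoke LAN); hypothetical names
TUNNELS = {
    "Remote 1": ("HUB-TO-R1", "R1-TO-HUB", Net("10.2.0.0/24")),
    "Remote 2": ("HUB-TO-R2", "R2-TO-HUB", Net("10.3.0.0/24")),
}

ACE_RE = re.compile(
    r"^access-list\s+(\S+)\s+extended\s+permit\s+ip\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$"
)


def parse_acls(config: str) -> Dict[str, Set[Pair]]:
    """Collect 'permit ip <net> <mask> <net> <mask>' ACEs per ACL name; other ACE forms are skipped."""
    acls: Dict[str, Set[Pair]] = {}
    for line in config.splitlines():
        m = ACE_RE.match(line.strip())
        if m:
            name, src, smask, dst, dmask = m.groups()
            acls.setdefault(name, set()).add((Net(f"{src}/{smask}"), Net(f"{dst}/{dmask}")))
    return acls


def permits(acl: Set[Pair], src: Net, dst: Net) -> bool:
    """True if some ACE covers src->dst, matching proxy identities by subnet containment."""
    return any(src.subnet_of(s) and dst.subnet_of(d) for s, d in acl)


def mirror_gaps(hub_acl: Set[Pair], spoke_acl: Set[Pair]) -> Set[Pair]:
    """Reversed hub ACEs that the spoke side lacks (the two ends of a tunnel must mirror)."""
    return {(d, s) for s, d in hub_acl if not permits(spoke_acl, d, s)}


def path_gaps(hub_acls: Dict[str, Set[Pair]], spoke_acls: Dict[str, Dict[str, Set[Pair]]],
              src_spoke: str, dst_spoke: str) -> List[str]:
    """Every crypto ACE missing for src_spoke LAN -> dst_spoke LAN hairpinned through the hub."""
    hub_src, src_name, src_net = TUNNELS[src_spoke]
    hub_dst, dst_name, dst_net = TUNNELS[dst_spoke]
    hops = [  # (location, acl, src, dst) in the order the packet crosses the ACLs
        (f"{src_spoke} {src_name}", spoke_acls[src_spoke].get(src_name, set()), src_net, dst_net),
        (f"Central {hub_src}", hub_acls.get(hub_src, set()), dst_net, src_net),
        (f"Central {hub_dst}", hub_acls.get(hub_dst, set()), src_net, dst_net),
        (f"{dst_spoke} {dst_name}", spoke_acls[dst_spoke].get(dst_name, set()), dst_net, src_net),
    ]
    return [f"{where} lacks {s} -> {d}" for where, acl, s, d in hops if not permits(acl, s, d)]


def nat_exempt_gaps(hub_acls: Dict[str, Set[Pair]], nat_acl_name: str = "NONAT") -> Set[Pair]:
    """Crypto ACEs on the hub that the NAT-exempt ACL does not also cover."""
    nat_acl = hub_acls.get(nat_acl_name, set())
    crypto = set().union(*(hub_acls.get(h, set()) for h, _, _ in TUNNELS.values()))
    return {p for p in crypto if not permits(nat_acl, *p)}


def run_checks() -> List[str]:
    """Run all three checks over the constructed configs and return the findings as text."""
    hub = parse_acls(HUB_CONFIG)
    spokes = {name: parse_acls(cfg) for name, cfg in SPOKE_CONFIGS.items()}
    findings: List[str] = []
    for spoke, (hub_name, spoke_name, _) in TUNNELS.items():
        gaps = mirror_gaps(hub.get(hub_name, set()), spokes[spoke].get(spoke_name, set()))
        for s, d in sorted(gaps, key=str):
            findings.append(f"{spoke} {spoke_name} does not mirror {hub_name}: missing {s} -> {d}")
    for a in TUNNELS:
        for b in TUNNELS:
            if a != b:
                findings.extend(f"{a}->{b}: {g}" for g in path_gaps(hub, spokes, a, b))
    for s, d in sorted(nat_exempt_gaps(hub), key=str):
        findings.append(f"Central NONAT does not exempt {s} -> {d}")
    return findings


if __name__ == "__main__":
    for finding in run_checks() or ["no gaps found"]:
        print(finding)
```

Run as-is it reports five findings: the missing C-to-B entry on Remote 2 (once as a mirror mismatch, once per direction of the spoke-to-spoke path) and the two spoke-to-spoke pairs the hub's NONAT list does not exempt. Fixing the Remote 2 line and adding the B/C pairs to NONAT brings it to "no gaps found"; on a real deployment, replace the embedded strings with `show run access-list` output from each device.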

