2 different LANS to access VPN tunnel

Jun 3rd, 2010

I have an L2L VPN connection through the internet between LAN A and B. LAN C is connected to LAN B through a router.

How can I make LAN C access LAN A through the same VPN tunnel?

I've attached a design PDF file. Please help me with that.

Jennifer Halim Thu, 06/03/2010 - 02:29
User Badges:
  • Cisco Employee,

Yes, you can. You would need to add LAN C to the crypto ACL on the VPN tunnel between A and B.

On A:

- On the same crypto ACL for LAN A to LAN B, add another line that says from LAN A to LAN C.

On B:

- On the same crypto ACL for LAN B to LAN A, add another line that says from LAN C to LAN A.

If you have NAT exemption configured, you would also need to configure the additional ACL to deny NAT between LAN A and LAN C, and vice versa on the other side.

Lastly, LAN C and the router between LAN B and LAN C need to route the LAN A subnet towards the ASA.

Hope that helps.
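The checks described in the answer above can be automated. The following is an added example, not part of the original post: it parses ASA-style `access-list` lines from both peers and reports crypto ACL entries that lack a mirror on the other side or a matching NAT exemption entry. The ACL names, the subnets (LAN A = 10.1.0.0/24, LAN B = 10.2.0.0/24, LAN C = 10.3.0.0/24) and the sample configs are constructed, and it assumes NAT exemption is in use and that entries use plain network/mask form.

```python
import ipaddress
import re

# Constructed sample configs; ACL names and subnets are assumptions, not from the thread.
# LAN A = 10.1.0.0/24, LAN B = 10.2.0.0/24, LAN C = 10.3.0.0/24
ASA_A = """
access-list VPN_TO_B extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list VPN_TO_B extended permit ip 10.1.0.0 255.255.255.0 10.3.0.0 255.255.255.0
access-list NONAT extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list NONAT extended permit ip 10.1.0.0 255.255.255.0 10.3.0.0 255.255.255.0
"""
ASA_B = """
access-list VPN_TO_A extended permit ip 10.2.0.0 255.255.255.0 10.1.0.0 255.255.255.0
access-list VPN_TO_A extended permit ip 10.3.0.0 255.255.255.0 10.1.0.0 255.255.255.0
access-list NONAT extended permit ip 10.2.0.0 255.255.255.0 10.1.0.0 255.255.255.0
"""

# Only "permit ip <net> <mask> <net> <mask>" entries are handled (no host/any/object-group).
ACE = re.compile(
    r"^access-list (\S+) extended permit ip ([\d.]+) ([\d.]+) ([\d.]+) ([\d.]+)\s*$")

def parse_acl(config, name):
    """Return the set of (source, destination) networks permitted by ACL `name`."""
    pairs = set()
    for line in config.splitlines():
        m = ACE.match(line.strip())
        if m and m.group(1) == name:
            src = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}")
            dst = ipaddress.ip_network(f"{m.group(4)}/{m.group(5)}")
            pairs.add((src, dst))
    return pairs

def audit(local_cfg, local_crypto, remote_cfg, remote_crypto, nonat="NONAT"):
    """List crypto ACL entries with no exact mirror on the peer or no NAT exemption."""
    local = parse_acl(local_cfg, local_crypto)
    remote = parse_acl(remote_cfg, remote_crypto)
    exempt = parse_acl(local_cfg, nonat)
    problems = []
    for src, dst in sorted(local):
        if (dst, src) not in remote:
            problems.append(f"no mirror on peer for {src} -> {dst}")
        if (src, dst) not in exempt:
            problems.append(f"no NAT exemption for {src} -> {dst}")
    return problems

if __name__ == "__main__":
    print("ASA A:", audit(ASA_A, "VPN_TO_B", ASA_B, "VPN_TO_A") or "ok")
    print("ASA B:", audit(ASA_B, "VPN_TO_A", ASA_A, "VPN_TO_B") or "ok")
```

In the constructed sample, side B has the new crypto ACL line for LAN C but not the corresponding NAT exemption line, which is the omission the audit reports.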

Jennifer Halim Fri, 06/04/2010 - 06:12
User Badges:
  • Cisco Employee,

Great to hear. Please rate useful posts and mark the question as answered. Thanks.

