Need Help Site to Site VPN One Way Access Only

Hi, I have set up a site-to-site VPN between an ASA5510 and a PIX525 (6.3.5).

Site A(PIX) Details are

Inside LAN:192.168.6.0/24

Site B(ASA) Details are

Inside LAN:192.168.7.0/24

Problem:

I can't access any ip from Site A to Site B except Site B's ASA inside interface 192.168.7.1

However, from Site B, I can access SMTP, WebServer and DNS in the 192.168.6.X network from 192.168.7.X

The Site B Access policy is the default by ASA wizard as follows

Anything from 192.168.7.X to Any lower sec allow any any

Anything from outside is the default implicit deny.

I have this on my ASA

same-security-traffic permit inter-interface

same-security-traffic permit intra-interface

Also for the S2S I have separate access-list like this

FOR SITE B

access-list nonat extended permit ip 192.168.7.0 255.255.255.0 192.168.6.0 255.255.255.0

access-list s2svpn extended permit ip 192.168.7.0 255.255.255.0 192.168.6.0 255.255.255.0

sysopt connection permit-vpn

========================================

For Site A

access-list nonat extended permit ip 192.168.6.0 255.255.255.0 192.168.7.0 255.255.255.0

access-list s2svpn extended permit ip 192.168.6.0 255.255.255.0 192.168.7.0 255.255.255.0

sysopt connection permit-ipsec

===================================

Does anything need to be done on each site's access list? Right now Site B is the only one able to access Site A, and Site A can only access 192.168.7.1

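A first consistency check for the configuration quoted in the post, as an added example that is not part of the original post: on an IPsec site-to-site tunnel the two peers' crypto ACLs should be mirror images and each encrypted flow should be covered by NAT exemption. The script assumes `s2svpn` is the ACL matched by the crypto map and `nonat` is the NAT-exemption ACL on both devices (the post does not show those bindings); the function names are this example's own.

```python
import ipaddress
import re

# ACL lines as quoted in the post; grouping them per site is this example's choice.
SITE_A = """
access-list nonat extended permit ip 192.168.6.0 255.255.255.0 192.168.7.0 255.255.255.0
access-list s2svpn extended permit ip 192.168.6.0 255.255.255.0 192.168.7.0 255.255.255.0
"""
SITE_B = """
access-list nonat extended permit ip 192.168.7.0 255.255.255.0 192.168.6.0 255.255.255.0
access-list s2svpn extended permit ip 192.168.7.0 255.255.255.0 192.168.6.0 255.255.255.0
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
ACE = re.compile(r"^access-list\s+(\S+)\s+(?:extended\s+)?permit\s+ip\s+"
                 + r"\s+".join([IP] * 4) + r"\s*$")


def parse(config):
    """Map ACL name -> [(src_net, dst_net)] for 'permit ip net mask net mask' lines."""
    acls = {}
    for line in config.splitlines():
        m = ACE.match(line.strip())
        if not m:
            continue  # host/any/object-group and deny entries are out of scope
        name, src, smask, dst, dmask = m.groups()
        acls.setdefault(name, []).append(
            (ipaddress.ip_network(f"{src}/{smask}", strict=False),
             ipaddress.ip_network(f"{dst}/{dmask}", strict=False)))
    return acls


def check_pair(local, remote, crypto="s2svpn", nonat="nonat"):
    """Return findings; an empty list means both peers' selectors agree."""
    findings = []
    loc, rem = parse(local), parse(remote)
    mirrored = {(d, s) for s, d in rem.get(crypto, [])}
    for s, d in loc.get(crypto, []):
        if (s, d) not in mirrored:
            findings.append(f"local crypto entry {s}->{d} has no mirror on the peer")
    for s, d in sorted(mirrored - set(loc.get(crypto, []))):
        findings.append(f"peer crypto entry {d}->{s} has no mirror locally")
    for side, acls in (("local", loc), ("remote", rem)):
        for s, d in acls.get(crypto, []):
            exempt = acls.get(nonat, [])
            if not any(s.subnet_of(ns) and d.subnet_of(nd) for ns, nd in exempt):
                findings.append(f"{side}: {s}->{d} is encrypted but not NAT-exempt")
    return findings
```

For the lines quoted in the post, `check_pair(SITE_A, SITE_B)` returns an empty list: the selectors and NAT exemptions shown are symmetric.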