Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Access Branch to Branch by VPN

Dear All expert,

please help me to solve this problem,

right now my HQ and branch link by VPN but i would like to do 2 branch access by VPN( i mean that now all the branch can access to HQ only but Branch to Branc cannot access .

Could you let me know how can i do it?

Best Regards,

Join

7 REPLIES

Re: Access Branch to Branch by VPN

Join,

For the branch sites to be able to communicate to each other via your HQ add the below config into the HQ VPN device:-

same-security-traffic permit intra-interface

This will allow traffic from branch 1 to "hairpin" to branch 2 via HQ.

HTH>

Community Member

Re: Access Branch to Branch by VPN

Dear HTH,

Thanks you for your advice.

After i put command that you gave me it mean Branch1 can access Branch2, right? and have more security or not?

Best Regards,

Join

Re: Access Branch to Branch by VPN

That is correct - it allows access from Branch 1 to Branch 2. There is no added security from this, if you want security - I suggest you think about acl's in the inbound of the inside interface at both locations.

Community Member

Re: Access Branch to Branch by VPN

Dear Andrew,

Thanks your for your advice.

i understood that you advice.

Could you show me Acl that allow Branch1 can access to Branch2? so we need to add Acl on ASA HQ, Branch1 and Branch2? which one that we have to add Acl.

Best Regards, :)

Join

Community Member

Re: Access Branch to Branch by VPN

Dear All and Andrew,

Do you have any advice?

Best Regards,

Norung

Re: Access Branch to Branch by VPN

What services at Branch 1 and 2 would need to be used?

Are they the same company? Are they the same type of users? Do you need to limit access?

Re: Access Branch to Branch by VPN

Hi Join

first, the solusion that has been given by andrew is 100% the right one

and i just wanna give this link if u read and follow it it let u solove ur case 100% and it is setp by step guid

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807f9a89.shtml

good luck

please, if helpful rate

119
Views
0
Helpful
7
Replies
CreatePlease to create content