
accessing remote sites via ASA site-site vpn

Hi,

Currently I need to access 1 remote site from the other remote site via VPN tunnel. How can I achieve this?

I need to ping 192.168.2.1 via 192.168.1.1

Please help, Thanks

Remote site 1 (192.168.1.1 via cisco 877) ------------    ASA 5510 ------------- Remote site 2 (192.168.2.1)


Re: accessing remote sites via ASA site-site vpn

You would need to add the corresponding crypto ACL on the site-to-site VPN between the ASA and the remote site.

On remote site 1:

crypto ACL to the ASA should include:

permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255

NAT exemption ACL should also include the above with "deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255"

On remote site 2:

crypto ACL to the ASA should include:

permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255

NAT exemption ACL should also include the above with "deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255"

On ASA:

crypto ACL to remote site 1: permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0

crypto ACL to remote site 2: permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0

same-security-traffic permit intra-interface

Hope that helps.

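An added example, not part of the original reply: a small Python check that each spoke's crypto ACL entry is mirrored exactly by the ASA's entry for that tunnel (wildcard masks on the routers, netmasks on the ASA) and that the hairpin command is present on the ASA. The function names and tunnel labels are assumptions made for this example; the ACL lines are the ones from the reply.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF

def parse_entry(line, wildcard):
    """Return (src_net, dst_net) for a 'permit ip SRC MASK DST MASK' line."""
    tok = line.split()
    if len(tok) != 6 or tok[:2] != ["permit", "ip"]:
        raise ValueError(f"unsupported ACL entry: {line!r}")

    def net(addr, mask):
        bits = int(ipaddress.IPv4Address(mask))
        if wildcard:                      # router wildcard mask -> netmask
            bits ^= ALL_ONES
        return ipaddress.IPv4Network(f"{addr}/{ipaddress.IPv4Address(bits)}")

    return net(tok[2], tok[3]), net(tok[4], tok[5])

def check_hub_and_spoke(tunnels, hub_globals):
    """tunnels: {label: (spoke_acl_line, hub_acl_line)}. Returns a list of problems."""
    problems = []
    for label, (spoke_line, hub_line) in tunnels.items():
        s_src, s_dst = parse_entry(spoke_line, wildcard=True)
        h_src, h_dst = parse_entry(hub_line, wildcard=False)
        # Both peers must describe the same traffic, with source and
        # destination swapped; otherwise the tunnel selectors do not match.
        if (s_src, s_dst) != (h_dst, h_src):
            problems.append(f"{label}: hub {h_src}->{h_dst} does not mirror "
                            f"spoke {s_src}->{s_dst}")
    # Spoke-to-spoke traffic enters and leaves the ASA on the same interface.
    if "same-security-traffic permit intra-interface" not in hub_globals:
        problems.append("hub: same-security-traffic permit intra-interface missing")
    return problems

# ACL lines copied from the reply; the labels are made up for this example.
TUNNELS = {
    "site1": ("permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255",
              "permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0"),
    "site2": ("permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255",
              "permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0"),
}
HUB_GLOBALS = ["same-security-traffic permit intra-interface"]

if __name__ == "__main__":
    for p in check_hub_and_spoke(TUNNELS, HUB_GLOBALS) or ["no problems found"]:
        print(p)
```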