Re: ada5500 vpn same interface

whanson · ‎01-29-2007

I have gotten this working for clients who are vpned in and then are able to access sites in which the ASA has a site to site tunnel. Can this also be done between site to site tunnels? I can't seem to get it work. ASA A has a site to site with ASA B and ASA C. I want users at ASA C to access ASA B without making a separate tunnel between ASA B and ASA C by having the traffic come from ASA B to ASA A and then have it go out the same interface toward ASA C. Sifficently, complicated?

Thx

Jon Marshall · ‎01-30-2007

Hi

Yes it can be done on an ASA device.

You will need to add the command "same-security-traffic permit intra-interface". You then need to make sure that traffic coming out of tunnel from site B is defined as intersting traffic in the IPSEC crypto map for site C and vice-versa.

HTH

Jon

5220 · ‎01-30-2007

Hi,

Please find attached a configuration example:

http://cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00804675ac.shtml

Please rate if this helped.

Regards,

Daniel

whanson · ‎01-30-2007

Daniel,

Thx much. Problem turned out to be at site C which was a Watchguard. It is now working.

Bill

whanson · ‎01-30-2007

Thanks Jon,

The problem turned out to be at Site C which was Watchguard. Got it working.