01-29-2007 12:28 PM
I have gotten this working for clients who are VPNed in and then are able to access sites to which the ASA has a site-to-site tunnel. Can this also be done between site-to-site tunnels? I can't seem to get it to work. ASA A has a site-to-site with ASA B and ASA C. I want users at ASA C to access ASA B without making a separate tunnel between ASA B and ASA C by having the traffic come from ASA B to ASA A and then have it go out the same interface toward ASA C. Sufficiently complicated?
Thx
01-30-2007 12:51 AM
Hi
Yes it can be done on an ASA device.
You will need to add the command "same-security-traffic permit intra-interface". You then need to make sure that traffic coming out of the tunnel from site B is defined as interesting traffic in the IPsec crypto map for site C and vice versa.
HTH
Jon
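A configuration sketch of the setup described in the reply above, added here as an illustration and not taken from the thread or its missing attachment. The subnets, peer addresses, ACL names and crypto map name are constructed assumptions; transform sets, tunnel groups and NAT exemption are omitted.

```cisco
! ASA A (hub). Constructed addressing, for illustration only:
!   Site A LAN 10.1.0.0/24, Site B LAN 10.2.0.0/24, Site C LAN 10.3.0.0/24
!   Peers: ASA A 192.0.2.1, ASA B 192.0.2.2, Site C 192.0.2.3
!
! Allow traffic to enter and leave the same interface (outside),
! which is what B <-> C traffic does when it hairpins through the hub.
same-security-traffic permit intra-interface
!
! Tunnel to B: local A -> B, plus hairpinned C -> B
access-list VPN-TO-B extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list VPN-TO-B extended permit ip 10.3.0.0 255.255.255.0 10.2.0.0 255.255.255.0
!
! Tunnel to C: local A -> C, plus hairpinned B -> C
access-list VPN-TO-C extended permit ip 10.1.0.0 255.255.255.0 10.3.0.0 255.255.255.0
access-list VPN-TO-C extended permit ip 10.2.0.0 255.255.255.0 10.3.0.0 255.255.255.0
!
crypto map OUTSIDE-MAP 10 match address VPN-TO-B
crypto map OUTSIDE-MAP 10 set peer 192.0.2.2
crypto map OUTSIDE-MAP 20 match address VPN-TO-C
crypto map OUTSIDE-MAP 20 set peer 192.0.2.3
crypto map OUTSIDE-MAP interface outside
!
! ASA B (spoke). Both A and C are reached through the single tunnel to A,
! so the interesting-traffic ACL must mirror the hub's VPN-TO-B entries.
access-list VPN-TO-A extended permit ip 10.2.0.0 255.255.255.0 10.1.0.0 255.255.255.0
access-list VPN-TO-A extended permit ip 10.2.0.0 255.255.255.0 10.3.0.0 255.255.255.0
crypto map OUTSIDE-MAP 10 match address VPN-TO-A
crypto map OUTSIDE-MAP 10 set peer 192.0.2.1
crypto map OUTSIDE-MAP interface outside
!
! The device at site C needs the equivalent mirrored selectors:
!   10.3.0.0/24 -> 10.1.0.0/24 and 10.3.0.0/24 -> 10.2.0.0/24
```

Once traffic flows, "show crypto ipsec sa" on the hub should list a security association for the B/C subnet pair under each peer; a pair that is missing on one side points to mismatched interesting-traffic definitions on that spoke.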
01-30-2007 04:50 AM
Hi,
Please find attached a configuration example:
Please rate if this helped.
Regards,
Daniel
01-30-2007 06:19 AM
Daniel,
Thx much. Problem turned out to be at site C which was a Watchguard. It is now working.
Bill
01-30-2007 06:18 AM
Thanks Jon,
The problem turned out to be at Site C which was Watchguard. Got it working.