01-29-2007 12:28 PM
I have gotten this working for clients who are VPNed in and then are able to access sites in which the ASA has a site to site tunnel. Can this also be done between site to site tunnels? I can't seem to get it to work. ASA A has a site to site with ASA B and ASA C. I want users at ASA C to access ASA B without making a separate tunnel between ASA B and ASA C by having the traffic come from ASA B to ASA A and then have it go out the same interface toward ASA C. Sufficiently complicated?
Thx
01-30-2007 12:51 AM
Hi
Yes it can be done on an ASA device.
You will need to add the command "same-security-traffic permit intra-interface". You then need to make sure that traffic coming out of the tunnel from site B is defined as interesting traffic in the IPSEC crypto map for site C and vice-versa.
HTH
Jon
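A sketch of what that looks like on the hub (ASA A), added here as an illustration and not taken from any poster's configuration or the missing attachment. The subnets, peer addresses, ACL names, crypto map name and transform-set name are all constructed, and the existing tunnel-groups, ISAKMP policy and transform set are assumed to be in place already.

```cisco
! Constructed addressing (assumptions, not from the thread):
!   site A LAN 10.1.0.0/24   hub, ASA A
!   site B LAN 10.2.0.0/24   peer 192.0.2.2
!   site C LAN 10.3.0.0/24   peer 198.51.100.2

! Let decrypted traffic that arrived on "outside" be re-encrypted
! and sent back out the same interface.
same-security-traffic permit intra-interface

! Interesting traffic for the tunnel to B: site A's own LAN plus
! whatever arrives from site C destined for site B.
access-list VPN-TO-B extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list VPN-TO-B extended permit ip 10.3.0.0 255.255.255.0 10.2.0.0 255.255.255.0

! Interesting traffic for the tunnel to C: the vice-versa entries.
access-list VPN-TO-C extended permit ip 10.1.0.0 255.255.255.0 10.3.0.0 255.255.255.0
access-list VPN-TO-C extended permit ip 10.2.0.0 255.255.255.0 10.3.0.0 255.255.255.0

! ESP-AES-SHA is a hypothetical name for a transform set defined elsewhere.
crypto map OUTSIDE_MAP 10 match address VPN-TO-B
crypto map OUTSIDE_MAP 10 set peer 192.0.2.2
crypto map OUTSIDE_MAP 10 set transform-set ESP-AES-SHA
crypto map OUTSIDE_MAP 20 match address VPN-TO-C
crypto map OUTSIDE_MAP 20 set peer 198.51.100.2
crypto map OUTSIDE_MAP 20 set transform-set ESP-AES-SHA
crypto map OUTSIDE_MAP interface outside

! Each spoke needs the mirror image, or its end will not match the
! spoke-to-spoke flow. On site B's device, toward the hub:
!   permit ip 10.2.0.0/24 -> 10.1.0.0/24
!   permit ip 10.2.0.0/24 -> 10.3.0.0/24
! On site C's device, toward the hub:
!   permit ip 10.3.0.0/24 -> 10.1.0.0/24
!   permit ip 10.3.0.0/24 -> 10.2.0.0/24
```

Every spoke-to-spoke entry widens what one remote site can reach at the other through the hub, so keep these ACL lines as narrow as the requirement allows. `show crypto ipsec sa` on the hub should list a separate SA pair for the 10.2.0.0/10.3.0.0 flow on each tunnel once traffic passes.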
01-30-2007 04:50 AM
Hi,
Please find attached a configuration example:
Please rate if this helped.
Regards,
Daniel
01-30-2007 06:19 AM
Daniel,
Thx much. Problem turned out to be at site C which was a Watchguard. It is now working.
Bill
01-30-2007 06:18 AM
Thanks Jon,
The problem turned out to be at Site C which was Watchguard. Got it working.