Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
248
Views
0
Helpful
4
Replies

ada5500 vpn same interface

whanson
Level 2
Level 2

‎01-29-2007 12:28 PM

I have gotten this working for clients who are vpned in and then are able to access sites in which the ASA has a site to site tunnel. Can this also be done between site to site tunnels? I can't seem to get it work. ASA A has a site to site with ASA B and ASA C. I want users at ASA C to access ASA B without making a separate tunnel between ASA B and ASA C by having the traffic come from ASA B to ASA A and then have it go out the same interface toward ASA C. Sifficently, complicated?

Thx

Labels:
0 Helpful
4 Replies 4

Jon Marshall
Hall of Fame
Hall of Fame

‎01-30-2007 12:51 AM

Hi

Yes it can be done on an ASA device.

You will need to add the command "same-security-traffic permit intra-interface". You then need to make sure that traffic coming out of tunnel from site B is defined as intersting traffic in the IPSEC crypto map for site C and vice-versa.

HTH

Jon

0 Helpful

5220
Level 4
Level 4
In response to Jon Marshall

‎01-30-2007 04:50 AM

Hi,

Please find attached a configuration example:

http://cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00804675ac.shtml

Please rate if this helped.

Regards,

Daniel

0 Helpful

whanson
Level 2
Level 2
In response to 5220

‎01-30-2007 06:19 AM

Daniel,

Thx much. Problem turned out to be at site C which was a Watchguard. It is now working.

Bill

0 Helpful

whanson
Level 2
Level 2
In response to Jon Marshall

‎01-30-2007 06:18 AM

Thanks Jon,

The problem turned out to be at Site C which was Watchguard. Got it working.

0 Helpful
Customers Also Viewed These Support Documents