Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ada5500 vpn same interface

I have gotten this working for clients who are vpned in and then are able to access sites in which the ASA has a site to site tunnel. Can this also be done between site to site tunnels? I can't seem to get it work. ASA A has a site to site with ASA B and ASA C. I want users at ASA C to access ASA B without making a separate tunnel between ASA B and ASA C by having the traffic come from ASA B to ASA A and then have it go out the same interface toward ASA C. Sifficently, complicated?

Thx

4 REPLIES
Hall of Fame Super Blue

Re: ada5500 vpn same interface

Hi

Yes it can be done on an ASA device.

You will need to add the command "same-security-traffic permit intra-interface". You then need to make sure that traffic coming out of tunnel from site B is defined as intersting traffic in the IPSEC crypto map for site C and vice-versa.

HTH

Jon

Re: ada5500 vpn same interface

Hi,

Please find attached a configuration example:

http://cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00804675ac.shtml

Please rate if this helped.

Regards,

Daniel

New Member

Re: ada5500 vpn same interface

Daniel,

Thx much. Problem turned out to be at site C which was a Watchguard. It is now working.

Bill

New Member

Re: ada5500 vpn same interface

Thanks Jon,

The problem turned out to be at Site C which was Watchguard. Got it working.

121
Views
0
Helpful
4
Replies
CreatePlease login to create content