
New Member

ASA Interesting Traffic Question

I am very new to the Cisco ASA and I have a question about the ACLs that are used to define interesting traffic.  From what I've been told, these ACLs must match exactly on both ends of the tunnel in order for the LAN to LAN (IPSec) Tunnel to work.  We have an organization that we work with and who accesses a server within our LAN.  The current L2L tunnel allows them access to our 192.168.5.x network from their 172.16.2.x network.  I just discovered that this server redirects them to 192.168.2.x when they try to access a specific function.  I was hoping to just add the 192.168.2.x network to the ACL that defines interesting traffic, but I don't think it will be that easy.  It seems to me that the other end of the L2L tunnel will need to define that network in their ACL and configure the appropriate routing.  Can any of you help me understand this better?

Super Bronze

ASA Interesting Traffic Question


If you have at the moment configured your L2L VPN between (for example)  and networks and they need to also access your network, you will have to add that network to your ACL matching the VPN traffic.

Basically you will need the ACL line:

access-list permit ip

You'll probably also need a NAT0/NAT Exempt statement

access-list permit ip

nat () 0 access-list

And of course you will need the same as a mirror image on the other VPN device

- Jouni
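The mirror-image requirement Jouni describes is easy to get wrong when a third network is added to one side only. The following added example (not from the thread or from Cisco) parses the `permit ip` lines of an ASA crypto ACL on each side and reports which entries the peer still lacks. The ACL name `L2L_VPN` and the sample lines are constructed from the networks in the question; only the `network mask` form is handled, not `host`/`any`.

```python
import ipaddress
import re

# Matches "access-list NAME [extended] permit ip SRC SRCMASK DST DSTMASK"
# (assumed ACL name L2L_VPN below; only network/mask operands are parsed).
_ACE = re.compile(
    r"access-list\s+(?P<name>\S+)\s+(?:extended\s+)?permit\s+ip\s+"
    r"(?P<src>\S+)\s+(?P<smask>\S+)\s+(?P<dst>\S+)\s+(?P<dmask>\S+)$"
)


def parse_crypto_acl(config: str) -> set[tuple[str, str]]:
    """Return the (source, destination) network pairs of an ASA crypto ACL."""
    pairs = set()
    for line in config.splitlines():
        m = _ACE.match(line.strip())
        if not m:
            continue  # ignore remarks, blank lines and non-ip ACEs
        src = ipaddress.ip_network(f"{m['src']}/{m['smask']}", strict=False)
        dst = ipaddress.ip_network(f"{m['dst']}/{m['dmask']}", strict=False)
        pairs.add((str(src), str(dst)))
    return pairs


def missing_mirror_entries(local_acl: str, peer_acl: str) -> set[tuple[str, str]]:
    """Pairs the peer must add so its ACL mirrors ours (peer src, peer dst)."""
    local = parse_crypto_acl(local_acl)
    peer = parse_crypto_acl(peer_acl)
    expected_on_peer = {(dst, src) for src, dst in local}
    return expected_on_peer - peer


def acls_are_mirror_images(local_acl: str, peer_acl: str) -> bool:
    """True only when neither side has an entry the other side lacks."""
    return (not missing_mirror_entries(local_acl, peer_acl)
            and not missing_mirror_entries(peer_acl, local_acl))


# Constructed sample: our side after adding 192.168.2.x; peer not yet updated.
OUR_ACL = """
access-list L2L_VPN extended permit ip 192.168.5.0 255.255.255.0 172.16.2.0 255.255.255.0
access-list L2L_VPN extended permit ip 192.168.2.0 255.255.255.0 172.16.2.0 255.255.255.0
"""
PEER_ACL = """
access-list L2L_VPN extended permit ip 172.16.2.0 255.255.255.0 192.168.5.0 255.255.255.0
"""

if __name__ == "__main__":
    for src, dst in sorted(missing_mirror_entries(OUR_ACL, PEER_ACL)):
        print(f"peer ACL still needs: permit ip {src} -> {dst}")
```

Run it against the two sides' crypto ACLs before bringing the tunnel up; any reported pair means the SAs will not match for that subnet.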
