11-10-2010 01:27 PM
I have a conceptual question regarding passing of traffic from one distinctive established VPN Peer to a different established VPN Tunnel.
Below is my example.
- Main Site A - ASA5510 - HOST OR HUB Site
- Remote Site B - ASA5510
- Remote Site C - non Cisco device capable of L2L (Site to site VPN)
- All connected via public internet
1) Main Site A is peering (VPN) with Remote Site B (Site to Site VPN) and sharing local LAN segments on each side
2) Main Site A is peering (VPN) with Remote Site C (Site to Site VPN) and sharing local LAN segments on each side
Question: is it possible to configure and allow traffic flowing from Remote Site B to Remote Site C and vice versa using the existing established tunnels and accessing the private LAN segments of each site via the HOST Site ASA?
Thanks
11-10-2010 01:31 PM
Hi,
Sure it's possible.
You need to configure IPsec hairpinning in Site A.
same-security-traffic permit intra-interface
Then, you must include the LAN B in the interesting traffic going to Site C and vice versa.
Federico.
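The hub-side configuration described in the reply above, as an added example that is not part of the original thread. The subnets (Site A 10.1.0.0/24, Site B 10.2.0.0/24, Site C 10.3.0.0/24), the ACL names, and the crypto map name and sequence numbers are assumptions; it uses pre-8.3 style ASA syntax and assumes both tunnels terminate on the same outside interface.

```cisco
! ===== Site A (hub ASA) =====
! All subnets, ACL names and the crypto map name/sequence numbers below are assumed.

! Permit traffic to enter and leave the same interface (B -> A outside -> C).
same-security-traffic permit intra-interface

! Interesting traffic for the existing A<->B tunnel:
! keep the A-LAN entry, add C-LAN -> B-LAN for the hairpinned flow.
access-list VPN_TO_B extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list VPN_TO_B extended permit ip 10.3.0.0 255.255.255.0 10.2.0.0 255.255.255.0

! Interesting traffic for the existing A<->C tunnel:
! keep the A-LAN entry, add B-LAN -> C-LAN for the hairpinned flow.
access-list VPN_TO_C extended permit ip 10.1.0.0 255.255.255.0 10.3.0.0 255.255.255.0
access-list VPN_TO_C extended permit ip 10.2.0.0 255.255.255.0 10.3.0.0 255.255.255.0

crypto map OUTSIDE_MAP 10 match address VPN_TO_B
crypto map OUTSIDE_MAP 20 match address VPN_TO_C

! ===== Site B (spoke ASA) =====
! The spoke must mirror the hub: traffic to C-LAN is sent into the tunnel to A.
access-list VPN_TO_A extended permit ip 10.2.0.0 255.255.255.0 10.1.0.0 255.255.255.0
access-list VPN_TO_A extended permit ip 10.2.0.0 255.255.255.0 10.3.0.0 255.255.255.0

! ===== Site C (non-Cisco device) =====
! Configure the equivalent traffic selectors on the tunnel to Site A:
!   local 10.3.0.0/24 <-> remote 10.1.0.0/24
!   local 10.3.0.0/24 <-> remote 10.2.0.0/24
```

With the default `sysopt connection permit-vpn` behaviour, decrypted VPN traffic bypasses the interface ACLs, so the hairpinned B-to-C traffic is not filtered at the hub unless a `vpn-filter` is applied to the tunnels.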
11-10-2010 01:34 PM
Federico,
Thanks for your quick response, I thought this was indeed possible. I will search the Cisco site for configuration examples.
Thanks!
11-10-2010 01:42 PM
This document gives you the idea of doing u-turn for the VPN traffic:
Federico.