Cisco Support Community
Community Member

Connect to a Computer at Site B when I'm VPNed into Site A

Hello Community

   Is there a way to configure two ASAs, Site A and Site B, which have a site-to-site VPN configured, so that if a person is VPNed into either Site A or B, that person is able to connect to all servers in either Site A or B?

Thanks,

Tom

2 REPLIES
VIP Purple

Re: Connect to a Computer at Site B when I'm VPNed into Site A

Yes, that will work. You just have to make sure that "same-security-traffic permit intra-interface" is set and that your crypto definition includes all needed networks. So if you have network a.a.a.0 in site-A and b.b.b.0 in site-B and your VPN pool in site-B is d.d.d.0, then your crypto ACLs have to be the following:

Site-A: permit a.a.a.0 to b.b.b.0 and permit a.a.a.0 to d.d.d.0
Site-B: permit b.b.b.0 to a.a.a.0 and permit d.d.d.0 to a.a.a.0

The split-tunnel-acl in site B has to include both networks b.b.b.0 and a.a.a.0.


Sent from Cisco Technical Support iPad App

Community Member

Re: Connect to a Computer at Site B when I'm VPNed into Site A

Hi Karsten,

   Thanks for the response. You are correct, but there's one thing missing. (I had TAC help us.) A NAT rule needs to be put in place from Outside to Outside on both sides of the firewall that defines the interesting traffic (meaning the subnet of the remote VPN pool of IPs and the remote site's internal subnet). After we did that, everything worked perfectly.

-Tom
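
The pieces named in this thread, put together as an added example for the Site B ASA plus Site A's mirrored crypto ACL (not configuration posted by either participant). It assumes ASA 8.3+ object NAT syntax and /24 masks; all addresses and all object, ACL, crypto map and group-policy names are constructed placeholders.

```cisco
! Constructed values standing in for the thread's placeholders:
!   a.a.a.0 = 10.1.0.0/24    Site A LAN
!   b.b.b.0 = 10.2.0.0/24    Site B LAN
!   d.d.d.0 = 10.2.100.0/24  Site B remote-access VPN pool
! All names below are hypothetical.

! --- Site B ASA (terminates the remote-access VPN) ---
! Let VPN-client traffic enter and leave the same (outside) interface.
same-security-traffic permit intra-interface

object network SITE-A-LAN
 subnet 10.1.0.0 255.255.255.0
object network SITE-B-LAN
 subnet 10.2.0.0 255.255.255.0
object network RA-POOL
 subnet 10.2.100.0 255.255.255.0

! Crypto ACL: both the Site B LAN and the VPN pool are interesting
! traffic toward Site A.
access-list CRYPTO-TO-A extended permit ip object SITE-B-LAN object SITE-A-LAN
access-list CRYPTO-TO-A extended permit ip object RA-POOL object SITE-A-LAN
crypto map OUTSIDE-MAP 10 match address CRYPTO-TO-A

! Outside-to-outside identity NAT: pool <-> Site A traffic is left
! untranslated so it still matches the crypto ACL.
nat (outside,outside) source static RA-POOL RA-POOL destination static SITE-A-LAN SITE-A-LAN

! Split tunnel: clients send traffic for both LANs into the VPN.
access-list SPLIT-TUNNEL standard permit 10.2.0.0 255.255.255.0
access-list SPLIT-TUNNEL standard permit 10.1.0.0 255.255.255.0
group-policy RA-POLICY attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-TUNNEL

! --- Site A ASA: crypto ACL is the exact mirror of Site B's ---
access-list CRYPTO-TO-B extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list CRYPTO-TO-B extended permit ip 10.1.0.0 255.255.255.0 10.2.100.0 255.255.255.0
crypto map OUTSIDE-MAP 10 match address CRYPTO-TO-B
```

The two crypto ACLs must stay mirror images of each other; `show crypto ipsec sa` on each ASA should list a security association for the pool-to-LAN pair once a client sends traffic across.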
