Cisco Support Community

Full Mesh Site-2-site VPN in ASA

I have two site-to-site VPNs and also remote VPN clients. I want to create a full mesh between the L2L VPNs and also the remote access clients, so that all sites can access each other and the remote users can also access the sites. How can I achieve this in ASA? I guess same-security-traffic permit intra-interface works, but what are the ACLs to be configured?

1 REPLY

Re: Full Mesh Site-2-site VPN in ASA

Hi,

It's difficult to explain how to do this without specific IP addressing, but the approach I would follow would be to first configure the site-to-site VPNs and make sure that everything is working. After this, configure the remote access VPN.

If, for example, the remote users are in the 192.168.200.0/24 subnet and you have a VPN site with the 192.168.1.0/24 subnet, then you should create an access-list applied on the outside interface (incoming) with the source being 192.168.200.0/24 and the destination 192.168.1.0/24, for traffic from the remote users to the site VPN.

You will need to set up the appropriate NAT exemptions; it's a little messy, but it works. Ah, and keep that same-security-traffic permit intra-interface rule.

Hope it helps in any way.

Thanks,

Paulo

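As an added example (not part of the original thread, and not Paulo's or Cisco's configuration), here is what the hub-ASA side of the approach described in the reply looks like in ASA 8.3+/9.x syntax. All addressing is assumed: hub LAN 10.0.0.0/24 on interface "inside", Site A 192.168.1.0/24 behind peer 203.0.113.1, Site B 192.168.2.0/24 behind peer 203.0.113.2, and a remote-access pool of 192.168.200.0/24. The object, ACL, group-policy and crypto-map names are also made up for the example. IKE policies, IPsec proposals and tunnel-groups are omitted because, as the reply says, the individual tunnels should already be up before you start hairpinning between them.

```text
! ---- Assumed addressing (example only, not from the original thread) ----
!   Hub inside LAN        10.0.0.0/24      (interface "inside")
!   Site A LAN            192.168.1.0/24   IPsec peer 203.0.113.1
!   Site B LAN            192.168.2.0/24   IPsec peer 203.0.113.2
!   Remote-access pool    192.168.200.0/24
!
! 1. Let traffic that was decrypted on "outside" be re-encrypted and sent
!    back out of "outside". Without this the spoke-to-spoke and
!    client-to-spoke packets are dropped as same-interface traffic.
same-security-traffic permit intra-interface

! 2. Objects used by the crypto ACLs, NAT exemptions and filters
object network HUB_LAN
 subnet 10.0.0.0 255.255.255.0
object network SITE_A_LAN
 subnet 192.168.1.0 255.255.255.0
object network SITE_B_LAN
 subnet 192.168.2.0 255.255.255.0
object network RA_POOL
 subnet 192.168.200.0 255.255.255.0
object-group network ALL_VPN_NETS
 network-object object SITE_A_LAN
 network-object object SITE_B_LAN
 network-object object RA_POOL
object-group network REACHABLE_VIA_HUB
 network-object object HUB_LAN
 group-object ALL_VPN_NETS
ip local pool RA_ADDR_POOL 192.168.200.1-192.168.200.254 mask 255.255.255.0

! 3. Crypto ACLs. The "local" side of each L2L tunnel must list every
!    network the spoke should reach through the hub: the hub LAN, the
!    other site and the remote-access pool. Each spoke ASA mirrors its ACL.
access-list CRYPTO_SITE_A extended permit ip object HUB_LAN    object SITE_A_LAN
access-list CRYPTO_SITE_A extended permit ip object SITE_B_LAN object SITE_A_LAN
access-list CRYPTO_SITE_A extended permit ip object RA_POOL    object SITE_A_LAN
access-list CRYPTO_SITE_B extended permit ip object HUB_LAN    object SITE_B_LAN
access-list CRYPTO_SITE_B extended permit ip object SITE_A_LAN object SITE_B_LAN
access-list CRYPTO_SITE_B extended permit ip object RA_POOL    object SITE_B_LAN
crypto map OUTSIDE_MAP 10 match address CRYPTO_SITE_A
crypto map OUTSIDE_MAP 10 set peer 203.0.113.1
crypto map OUTSIDE_MAP 20 match address CRYPTO_SITE_B
crypto map OUTSIDE_MAP 20 set peer 203.0.113.2
crypto map OUTSIDE_MAP interface outside

! 4. NAT exemption (identity NAT) for inside<->VPN and for the hairpinned
!    VPN<->VPN flows. The second rule is the one people forget: it is
!    (outside,outside) because both legs of the flow use that interface.
nat (inside,outside)  source static HUB_LAN HUB_LAN destination static ALL_VPN_NETS ALL_VPN_NETS no-proxy-arp route-lookup
nat (outside,outside) source static ALL_VPN_NETS ALL_VPN_NETS destination static ALL_VPN_NETS ALL_VPN_NETS no-proxy-arp route-lookup

! 5. Remote-access clients: push the hub LAN and both sites into the split
!    tunnel so the client actually routes spoke traffic into the tunnel,
!    and pin what clients may reach with a vpn-filter (written with the
!    client as the source; the ASA applies it in both directions).
access-list RA_SPLIT standard permit 10.0.0.0 255.255.255.0
access-list RA_SPLIT standard permit 192.168.1.0 255.255.255.0
access-list RA_SPLIT standard permit 192.168.2.0 255.255.255.0
access-list RA_FILTER extended permit ip object RA_POOL object-group REACHABLE_VIA_HUB
group-policy RA_GP internal
group-policy RA_GP attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value RA_SPLIT
 vpn-filter value RA_FILTER

! 6. The outside-interface ACL from the reply. Note the caveat: by default
!    "sysopt connection permit-vpn" is on and decrypted VPN traffic bypasses
!    interface ACLs entirely, so this ACL only takes effect if you disable
!    that bypass. Until then the crypto ACLs and vpn-filter are what limit
!    reach between the sites and the clients.
no sysopt connection permit-vpn
access-list OUTSIDE_IN extended permit ip object RA_POOL    object-group REACHABLE_VIA_HUB
access-list OUTSIDE_IN extended permit ip object SITE_A_LAN object SITE_B_LAN
access-list OUTSIDE_IN extended permit ip object SITE_B_LAN object SITE_A_LAN
access-list OUTSIDE_IN extended permit ip object-group ALL_VPN_NETS object HUB_LAN
access-group OUTSIDE_IN in interface outside

! 7. Checks: simulate a client-to-Site-A packet arriving decrypted on
!    outside, then confirm a child SA exists for the hairpinned pair.
packet-tracer input outside tcp 192.168.200.10 40000 192.168.1.10 445
show crypto ipsec sa peer 203.0.113.1
```

Two things worth confirming in the packet-tracer output: the NAT phase should hit the (outside,outside) identity rule rather than a dynamic PAT rule, and the VPN phase should show the flow being encrypted towards 203.0.113.1. If the crypto ACL on the spoke does not mirror the hub's (for example it only lists 10.0.0.0/24), phase 2 for the 192.168.200.0/24 to 192.168.1.0/24 pair will fail to negotiate even though the hub configuration above is correct, so check the spoke's "show crypto ipsec sa" for a matching local/remote identity as well.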