
New Member

IPSEC s2s ACLs

I have two sites and I need to create an s2s between them. The problem is:

Site A is the HQ. It has MPLS connections and routes OSPF to the other branches, so its encryption domain is the whole 192.168.x.x/16 network.

Site B is the branch that will need to access HQ and other branch resources via the S2S with the HQ. Its local networks are 192.168.20.0/24 through 192.168.24.0/24, meaning they fall under the general ACL for the HQ. The HQ has no 192.168.20-24/24 subnets on its side, as those are reserved for site B.

My question is...

Can I use the general ACL for site A to include 192.168.x.x/16, and 192.168.20-24.0/24 on site B, to build a properly working tunnel that will allow site B to reach all other branches connected to site A (HQ)? (See the example below.)

Topology:

siteB(192.168.20.0/22) =====IPSEC s2s===== siteA(192.168.10.0/24) -------OSPF------- siteC(192.168.11.0/24)
                                                                  -------OSPF------- .......
                                                                  -------OSPF------- siteZ(192.168.45.0/24)

VPN ACL on site B:

access-list outside_1_cryptomap extended permit ip 192.168.20.0 255.255.252.0 192.168.0.0 255.255.0.0

Reversed on site A.
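The question comes down to two properties of the crypto ACLs: the two sides must be exact mirror images (source and destination swapped), and the HQ-side entry's local identity (192.168.0.0/16) contains the remote identity (192.168.20.0/22), so the tunnel only behaves cleanly if the HQ really does not route those prefixes locally. The following script is an added example, not code from the thread or from Cisco; it parses ASA-style `permit ip` crypto ACL lines, checks the mirror-image rule, reports where a local and remote identity overlap, and tests which flows would be selected for encryption. The two ACL lines are the ones from the post; the host addresses used for the flow checks are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the crypto ACL from the post on site B and its
# mirrored entry on site A, written as the ASA would show them.
SITE_B_ACL = [
    "access-list outside_1_cryptomap extended permit ip "
    "192.168.20.0 255.255.252.0 192.168.0.0 255.255.0.0",
]
SITE_A_ACL = [
    "access-list outside_1_cryptomap extended permit ip "
    "192.168.0.0 255.255.0.0 192.168.20.0 255.255.252.0",
]

# Matches 'access-list NAME extended permit ip SRC SMASK DST DMASK' only.
ACE_RE = re.compile(
    r"^access-list\s+(?P<name>\S+)\s+extended\s+permit\s+ip\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\s+(?P<smask>\d+\.\d+\.\d+\.\d+)\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\s+(?P<dmask>\d+\.\d+\.\d+\.\d+)\s*$"
)


def parse_ace(line):
    """Return (local_network, remote_network) for one 'permit ip' ACE, or None."""
    m = ACE_RE.match(line.strip())
    if not m:
        return None
    local = ipaddress.ip_network(f"{m['src']}/{m['smask']}", strict=False)
    remote = ipaddress.ip_network(f"{m['dst']}/{m['dmask']}", strict=False)
    return local, remote


def parse_acl(lines):
    """Parse a list of ACE strings, skipping anything that is not a permit ip ACE."""
    return [p for p in (parse_ace(l) for l in lines) if p is not None]


def mirror(pairs):
    """The proxy identities the peer must carry: source and destination swapped."""
    return [(remote, local) for local, remote in pairs]


def is_mirror_image(local_acl, peer_acl):
    """True when the peer's crypto ACL is exactly the mirror of ours."""
    return set(mirror(local_acl)) == set(peer_acl)


def proxy_overlaps(pairs):
    """Report ACEs whose local and remote identities overlap.

    'superset' means the local side's identity contains the remote one (the
    HQ case in the post); such an entry only works if the contained prefixes
    are not routed locally on that side.
    """
    findings = []
    for local, remote in pairs:
        if not local.overlaps(remote):
            continue
        if local.subnet_of(remote):
            relation = "subset"
        elif remote.subnet_of(local):
            relation = "superset"
        else:
            relation = "partial"
        findings.append((local, remote, relation))
    return findings


def is_interesting(pairs, src_ip, dst_ip):
    """True if a packet src_ip -> dst_ip would be selected for encryption."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    return any(s in local and d in remote for local, remote in pairs)


if __name__ == "__main__":
    site_b = parse_acl(SITE_B_ACL)
    site_a = parse_acl(SITE_A_ACL)
    print("mirror image:", is_mirror_image(site_b, site_a))
    for local, remote, rel in proxy_overlaps(site_a):
        print(f"site A: local {local} is a {rel} of remote {remote}")
    # Constructed flow checks: a site B host reaching siteZ, and a host in
    # 192.168.24.0/24, which lies outside the /22 in the ACL.
    print("B->Z encrypted:", is_interesting(site_b, "192.168.20.5", "192.168.45.7"))
    print("24.x->HQ encrypted:", is_interesting(site_b, "192.168.24.1", "192.168.10.1"))
```

Running it shows the two ACLs are mirror images, that site A's local identity is a superset of the remote one, and that a host in 192.168.24.0/24 is not covered: the mask 255.255.252.0 on 192.168.20.0 spans 192.168.20.0 through 192.168.23.255, so a fifth /24 would need its own ACE (or a wider mask) on both sides.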

1 REPLY
New Member

IPSEC s2s ACLs

Anyone alive?
