Cisco Support Community


lan to lan tunnel and intra interface traffic

Can an ASA be set up to allow an IPsec LAN-to-LAN VPN to terminate on an interface, as well as forward the traffic back out the same interface? I've got 2 ASAs. One faces the internet, referred to as the "internet firewall", and allows ISAKMP and ESP through it via an ACL on its outside interface (sec level 0). It passes the IPsec traffic out its "vpn dmz" interface (sec level 25) to the "VPN" interface (sec level 0) of the "VPN firewall" that sits behind it. This VPN interface is the only active interface on this firewall. I want the LAN-to-LAN tunnel to terminate on this interface, at which point the decrypted traffic goes right back out the "vpn" interface to the "vpn dmz" interface of the internet firewall. From there it gets routed out another "inside" interface destined for the internal network. I've got the "same-security-traffic permit intra-interface" command on both. No NATing will be taking place. Will this solution work?
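For readers working through the same one-armed design, here is a sketch of what the "VPN firewall" side looks like in ASA 8.4+ syntax. It is an added illustration, not configuration from the poster or from Cisco documentation for this thread; every address, object name, interface name and peer value is a placeholder, and the pre-shared key is deliberately left as a marker to be replaced.

```text
! Hypothetical "VPN firewall" configuration (ASA 8.4+ syntax). All addresses,
! names and the peer are constructed placeholders, not values from the post.

interface GigabitEthernet0/0
 nameif vpn
 security-level 0
 ip address 192.0.2.2 255.255.255.0

! Required for hairpinning: decrypted traffic may leave the same interface
! it arrived on. Without this the ASA silently drops the flow.
same-security-traffic permit intra-interface

! Everything (internal LAN and the internet) is reached through the
! internet firewall's "vpn dmz" address on the same wire.
route vpn 10.10.0.0 255.255.0.0 192.0.2.1 1
route vpn 0.0.0.0 0.0.0.0 192.0.2.1 1

! Interesting traffic for the LAN-to-LAN tunnel
object network LOCAL_LAN
 subnet 10.10.0.0 255.255.0.0
object network REMOTE_LAN
 subnet 10.20.0.0 255.255.0.0
access-list L2L_TRAFFIC extended permit ip object LOCAL_LAN object REMOTE_LAN

! The post states no NAT is in use. If any NAT rule is ever added on "vpn",
! keep tunnel traffic untranslated with an identity rule like this one.
nat (vpn,vpn) source static LOCAL_LAN LOCAL_LAN destination static REMOTE_LAN REMOTE_LAN

! IKEv1 phase 1 and phase 2
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 14
 lifetime 86400
crypto ikev1 enable vpn
crypto ipsec ikev1 transform-set L2L_TS esp-aes-256 esp-sha-hmac
crypto map L2L_MAP 10 match address L2L_TRAFFIC
crypto map L2L_MAP 10 set peer 198.51.100.10
crypto map L2L_MAP 10 set ikev1 transform-set L2L_TS
crypto map L2L_MAP interface vpn

tunnel-group 198.51.100.10 type ipsec-l2l
tunnel-group 198.51.100.10 ipsec-attributes
 ikev1 pre-shared-key <REPLACE_WITH_STRONG_PSK>
```

Two points worth checking before calling this done. First, the internet firewall must have a route for the remote LAN (10.20.0.0/16 in the placeholder) pointing at the VPN firewall's "vpn" address via its "vpn dmz" interface, otherwise return traffic from the inside network never reaches the crypto endpoint. Second, decrypted tunnel traffic bypasses the "vpn" interface ACL by default because `sysopt connection permit-vpn` is on; if that default has been turned off, the ACL on "vpn" must explicitly permit the remote-to-local flows. `show crypto ikev1 sa`, `show crypto ipsec sa` and a `packet-tracer input vpn` run from a remote-LAN source to an internal host will show whether the tunnel builds and whether the hairpinned flow is permitted.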
