06-14-2007 12:45 AM
Hi,
My network looks like this:
ASA1(7.2.2)
||
INTERNET=====PIX (6.3.5)
||
ASA2(7.2.2)
I would like ASA1 to be able to access the PIX network and the ASA2 network.
I would also like ASA2 to be able to access the PIX network via ASA1, and the ASA1 network.
And finally, I would like the PIX to be able to access the ASA2 network via ASA1, and the ASA1 network.
Is it possible to do so?
Thanks
06-14-2007 03:17 AM
Hi,
It is possible. This is called 'Mesh VPN', that is, each device will have a separate tunnel for all other devices in the network topology.
On the device ASA1(7.2.2.2):
------------------------------
Create a site-to-site VPN to PIX
Create another site-to-site VPN to ASA2
On the device ASA2:
-------------------
Create a site-to-site VPN to PIX
Create another site-to-site VPN to ASA1
On the device PIX:
-------------------
Create a site-to-site VPN to ASA2
Create another site-to-site VPN to ASA1
Hope it helps.
--Jaffer
06-14-2007 04:01 AM
Hi,
Well, that is not exactly what I want to do.
I don't want a direct VPN tunnel between ASA2 and PIX. I want ASA2 to go to the PIX through ASA1.
06-14-2007 06:42 AM
Yes, it is possible to hairpin the traffic on the outside interfaces of the ASAs to get the traffic over the tunnels to the PIX.
You need to enable same-security-traffic permit intra-interface. You also need to add the traffic to your crypto and NAT exemption ACLs (only if running outside NAT). Here is a good doc with an example...these are PIXes, but the config in the version 7 PIX is pretty much the same.
Please rate if it helps.
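A sketch of the hub side (ASA1) for the hairpin setup described in the reply above. This is an added example, not configuration from the poster or the linked document. All addresses, object names and the key are constructed placeholders (ASA1 LAN 10.1.0.0/24, ASA2 LAN 10.2.0.0/24, PIX LAN 10.3.0.0/24, PIX peer 192.0.2.1, ASA2 peer 198.51.100.1), and an ISAKMP policy is assumed to exist already.

```cisco
! Added example for ASA1 (hub), ASA 7.2 syntax. All values are placeholders.

! Allow VPN traffic to enter and leave the same (outside) interface
same-security-traffic permit intra-interface

! Crypto ACL for the tunnel to the PIX: local LAN plus the relayed ASA2 LAN
access-list VPN_TO_PIX extended permit ip 10.1.0.0 255.255.255.0 10.3.0.0 255.255.255.0
access-list VPN_TO_PIX extended permit ip 10.2.0.0 255.255.255.0 10.3.0.0 255.255.255.0

! Crypto ACL for the tunnel to ASA2: local LAN plus the relayed PIX LAN
access-list VPN_TO_ASA2 extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list VPN_TO_ASA2 extended permit ip 10.3.0.0 255.255.255.0 10.2.0.0 255.255.255.0

! NAT exemption for the local LAN towards both remote LANs
access-list NONAT extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list NONAT extended permit ip 10.1.0.0 255.255.255.0 10.3.0.0 255.255.255.0
nat (inside) 0 access-list NONAT

crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac

! One crypto map entry per peer, both bound to the outside interface
crypto map OUTSIDE_MAP 10 match address VPN_TO_PIX
crypto map OUTSIDE_MAP 10 set peer 192.0.2.1
crypto map OUTSIDE_MAP 10 set transform-set ESP-AES-SHA
crypto map OUTSIDE_MAP 20 match address VPN_TO_ASA2
crypto map OUTSIDE_MAP 20 set peer 198.51.100.1
crypto map OUTSIDE_MAP 20 set transform-set ESP-AES-SHA
crypto map OUTSIDE_MAP interface outside
crypto isakmp enable outside

tunnel-group 192.0.2.1 type ipsec-l2l
tunnel-group 192.0.2.1 ipsec-attributes
 pre-shared-key <PLACEHOLDER-KEY-PIX>
tunnel-group 198.51.100.1 type ipsec-l2l
tunnel-group 198.51.100.1 ipsec-attributes
 pre-shared-key <PLACEHOLDER-KEY-ASA2>

! On each spoke, the crypto ACL towards ASA1 must mirror the entries above:
!   ASA2: 10.2.0.0/24 -> 10.1.0.0/24 and 10.2.0.0/24 -> 10.3.0.0/24
!   PIX:  10.3.0.0/24 -> 10.1.0.0/24 and 10.3.0.0/24 -> 10.2.0.0/24
! and the spoke's NAT exemption ACL must cover both remote LANs.
```

Keeping the crypto ACLs limited to the specific LAN pairs, rather than `any`, confines what the hub will relay between the two tunnels.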