04-25-2008 05:10 AM - edited 02-21-2020 03:41 PM
Is it possible to tunnel traffic between two IPsec LAN-to-LAN tunnels, or between one IPsec tunnel and one SSLVPN tunnel
(AnyConnect client) with the ASA 5520?
E.g. We have two IPsec LAN-to-LAN tunnels. Is this setup possible:
Tunnel 1. Local subnet: B. Remote subnet: A.
Tunnel 2. Local subnet: A. Remote subnet: B.
...and have traffic flow between subnets A and B?
Regards,
Oskar Liljeblad
04-25-2008 05:28 AM
Yes, it is possible. Your description is a little confusing though. Is this what you mean?
Tunnel 1. A to B
Tunnel 2. A to C
...and you want traffic between B and C?
04-25-2008 05:46 AM
Yes, that is what I mean! Is that possible?
04-25-2008 05:58 AM
Yes.
Site A-
same-security-traffic permit intra-interface
access-list crypto1 extended permit ip
access-list crypto1 extended permit ip
access-list crypto2 extended permit ip
access-list crypto2 extended permit ip
access-list nonat extended permit ip
access-list nonat extended permit ip
Site B-
access-list crypto extended permit ip
access-list crypto extended permit ip
access-list nonat extended permit ip
access-list nonat extended permit ip
Site C-
access-list crypto extended permit ip
access-list crypto extended permit ip
access-list nonat extended permit ip
access-list nonat extended permit ip
This may help as well.
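The hairpin layout from the answer above (hub A, spokes B and C), as an added example that is not part of the original thread: the subnets are constructed placeholders, and the assumption is that the truncated entries follow the usual hub-and-spoke pattern. The script generates the crypto and NAT-exemption ACL entries per site and checks that the hub's and each spoke's crypto entries are mirror images, a common cause of failure for spoke-to-spoke traffic when they are not.

```python
import ipaddress

# Constructed site subnets (assumptions, not values from the thread).
SITES = {
    "A": ipaddress.ip_network("10.1.0.0/24"),  # hub
    "B": ipaddress.ip_network("10.2.0.0/24"),  # spoke
    "C": ipaddress.ip_network("10.3.0.0/24"),  # spoke
}
HUB = "A"

def crypto_pairs(site, peer):
    """(source, destination) site pairs protected by the tunnel site -> peer."""
    if site == HUB:
        # Hub sends its own LAN and every other spoke's LAN towards this peer.
        return [(s, peer) for s in SITES if s != peer]
    # A spoke has one tunnel (to the hub) covering the hub and all other spokes.
    return [(site, d) for d in SITES if d != site]

def nonat_pairs(site):
    """NAT exemption: the local LAN towards every other site."""
    return [(site, d) for d in SITES if d != site]

def acl_lines(name, pairs):
    """Render pairs in ASA 'access-list ... extended permit ip' syntax."""
    lines = []
    for s, d in pairs:
        sn, dn = SITES[s], SITES[d]
        lines.append(f"access-list {name} extended permit ip "
                     f"{sn.network_address} {str(sn.netmask)} "
                     f"{dn.network_address} {str(dn.netmask)}")
    return lines

def mirrored(spoke):
    """True when the hub's entries for a spoke are the exact reverse of the spoke's."""
    hub_side = {(d, s) for s, d in crypto_pairs(HUB, spoke)}
    return hub_side == set(crypto_pairs(spoke, HUB))

def hub_config():
    """Hub side: hairpin permit plus one crypto ACL per spoke tunnel."""
    lines = ["same-security-traffic permit intra-interface"]
    spokes = [s for s in SITES if s != HUB]
    for i, spoke in enumerate(spokes, start=1):
        lines += acl_lines(f"crypto{i}", crypto_pairs(HUB, spoke))
    return lines + acl_lines("nonat", nonat_pairs(HUB))

if __name__ == "__main__":
    print("\n".join(hub_config()))
    for spoke in ("B", "C"):
        print(f"Site {spoke} mirrors hub: {mirrored(spoke)}")
```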
04-29-2008 12:51 AM
Can the same be done with SSLVPN and ipsec? We have this scenario:
user --(sslvpn)-- ASA5520 --(ipsec)-- remote
Is it possible for user to reach the remote network?