I have a headquarters (HQ) and branch offices (BO1, BO2, ...), and I want to establish a site-to-site VPN tunnel between the HQ and the BOs. This task was accomplished successfully, but I also want to permit communication between the different BOs.
Can the different BOs communicate with each other through the HQ? If not, what is the solution for this scenario?
NB: I want to avoid creating a full-mesh VPN between the different BOs, because I would end up with a long and complicated configuration.
I think you simply need to configure the L2L VPN "interesting traffic" ACL in your VPN configurations to include the networks you want to communicate with each other.
You will also need to create a NAT0 / NAT exempt configuration on your HQ ASA's outside interface that will let all the traffic between remote sites pass un-NATed through the central ASA.
You will also need to check that you have the "same-security-traffic permit intra-interface" command configured on the HQ ASA. This allows the ASA to send traffic out on the same interface on which it received it. In this scenario it basically means traffic arriving at and leaving from the outside interface.
If you need specific CLI configuration examples let me know.
Please also state your ASA firewalls' software versions (since the NAT configuration format depends on the software version).
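The three pieces of the answer above (crypto ACL, NAT exempt, intra-interface hairpin) put together as one hub-and-spoke example. This is an added illustration, not configuration posted by the answerer or taken from a real deployment: the subnets (HQ 10.0.0.0/24, BO1 10.1.0.0/24, BO2 10.2.0.0/24), the peer addresses, and the object, ACL and crypto map names are all made up, and the existing IKE/IPsec proposals and tunnel-group settings are assumed to already be in place from the working HQ-to-BO tunnels. The NAT lines are shown in the 8.3+ syntax, with the pre-8.3 equivalent in comments, which is why the software version matters.

```text
! ===== HQ ASA (hub) =====
! Constructed example networks; replace with your own.
object network HQ-LAN
 subnet 10.0.0.0 255.255.255.0
object network BO1-LAN
 subnet 10.1.0.0 255.255.255.0
object network BO2-LAN
 subnet 10.2.0.0 255.255.255.0
!
! 1) Allow traffic to re-enter and leave the same (outside) interface.
same-security-traffic permit intra-interface
!
! 2) Crypto ACLs ("interesting traffic"): each BO tunnel must match
!    HQ-LAN <-> BO-LAN AND the other BO's LAN <-> this BO-LAN.
access-list HQ-TO-BO1 extended permit ip object HQ-LAN object BO1-LAN
access-list HQ-TO-BO1 extended permit ip object BO2-LAN object BO1-LAN
access-list HQ-TO-BO2 extended permit ip object HQ-LAN object BO2-LAN
access-list HQ-TO-BO2 extended permit ip object BO1-LAN object BO2-LAN
!
crypto map OUTSIDE-MAP 10 match address HQ-TO-BO1
crypto map OUTSIDE-MAP 10 set peer 203.0.113.11
crypto map OUTSIDE-MAP 20 match address HQ-TO-BO2
crypto map OUTSIDE-MAP 20 set peer 203.0.113.12
! (transform-set / ikev1|ikev2 proposal lines assumed present)
!
! 3) NAT exempt for spoke-to-spoke traffic, outside -> outside (8.3+).
!    Identity NAT keeps the real addresses so the crypto ACLs match.
nat (outside,outside) source static BO1-LAN BO1-LAN destination static BO2-LAN BO2-LAN no-proxy-arp route-lookup
nat (outside,outside) source static BO2-LAN BO2-LAN destination static BO1-LAN BO1-LAN no-proxy-arp route-lookup
! Existing inside<->outside exemptions for HQ-LAN <-> BO-LANs assumed present.
!
! Pre-8.3 equivalent of step 3 (do not mix the two styles on one box):
!   access-list NO-NAT-OUTSIDE extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
!   access-list NO-NAT-OUTSIDE extended permit ip 10.2.0.0 255.255.255.0 10.1.0.0 255.255.255.0
!   nat (outside) 0 access-list NO-NAT-OUTSIDE
!
! ===== BO1 ASA (spoke) =====
! The spoke's crypto ACL must also list the other branch, or its
! own traffic to BO2 never enters the tunnel toward HQ.
object network BO1-LAN
 subnet 10.1.0.0 255.255.255.0
object network HQ-LAN
 subnet 10.0.0.0 255.255.255.0
object network BO2-LAN
 subnet 10.2.0.0 255.255.255.0
access-list BO1-TO-HQ extended permit ip object BO1-LAN object HQ-LAN
access-list BO1-TO-HQ extended permit ip object BO1-LAN object BO2-LAN
nat (inside,outside) source static BO1-LAN BO1-LAN destination static BO2-LAN BO2-LAN no-proxy-arp route-lookup
crypto map OUTSIDE-MAP 10 match address BO1-TO-HQ
crypto map OUTSIDE-MAP 10 set peer 203.0.113.1
! BO2 mirrors this with BO2-LAN / BO1-LAN swapped.
```

To verify the hairpin path on the hub without waiting for a user to complain, run `packet-tracer input outside icmp 10.1.0.10 8 0 10.2.0.10` on the HQ ASA: the trace should show the NAT exempt rule being hit and end in a VPN encrypt action rather than a drop. `show crypto ipsec sa` on either spoke should then list the other branch's subnet as a separate SA pair (one per crypto ACL line), and encaps/decaps counters for that pair should increase when the branches exchange traffic.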
I am currently unable to specify the "crypto keyring" command when configuring a VPN connection on my Cisco 2901 router.
The following licenses have been activated on my router: