07-09-2019 04:05 AM - edited 02-21-2020 09:17 AM
Hi All,
On our ASA we have two Site-2-Site tunnels configured (and working). How would I/we be able to let traffic from Customer A flow to Customer B through the 2 existing tunnels? If crypto maps or anything need to be changed at the customer ends, that's not a problem.
07-09-2019 06:30 PM
For this to work, you will need to enable the same security level intra-interface feature on your hub firewall by using the command "same-security-traffic permit intra-interface". You will also need to work on updating your encryption domain access list on your hub so that CustomerA and CustomerB traffic is able to flow between the two L2L tunnels via the hub firewall.
I was able to find an example depicting your requirements - see the URL below, exclude the RA VPN section and focus on the two L2L tunnels and HQ firewall.
Hope this helps
07-14-2019 04:24 PM
Yes, you would need to change the crypto map to allow traffic from 10.200.0.0 to 10.100.0.0 and vice versa, if not already done.
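The hub-and-spoke change described in the replies above, as an added configuration sketch that is not from any poster in this thread. The thread gives only the networks 10.200.0.0 and 10.100.0.0; which customer owns which network, the /16 masks, the ACL and crypto map names and the sequence numbers are all assumptions, as is the customer ends being ASAs.

```cisco
! Added example. Assumed: Customer A = 10.100.0.0/16, Customer B = 10.200.0.0/16.
! CMAP, VPN-CUSTA, VPN-CUSTB, VPN-HUB and sequence numbers 10/20 are hypothetical names.

! --- Hub ASA ---
! Let traffic enter and leave the same interface (decrypted from one tunnel,
! re-encrypted into the other on the same outside interface).
same-security-traffic permit intra-interface

! Crypto ACL for the tunnel to Customer A: add B -> A as interesting traffic.
access-list VPN-CUSTA extended permit ip 10.200.0.0 255.255.0.0 10.100.0.0 255.255.0.0

! Crypto ACL for the tunnel to Customer B: add A -> B as interesting traffic.
access-list VPN-CUSTB extended permit ip 10.100.0.0 255.255.0.0 10.200.0.0 255.255.0.0

! The existing crypto map entries keep referencing the same ACLs.
crypto map CMAP 10 match address VPN-CUSTA
crypto map CMAP 20 match address VPN-CUSTB

! --- Customer A end (mirror of the hub's VPN-CUSTA entry) ---
access-list VPN-HUB extended permit ip 10.100.0.0 255.255.0.0 10.200.0.0 255.255.0.0

! --- Customer B end (mirror of the hub's VPN-CUSTB entry) ---
access-list VPN-HUB extended permit ip 10.200.0.0 255.255.0.0 10.100.0.0 255.255.0.0
```

Each crypto ACL entry must be an exact mirror of the peer's entry, and scoping the entries to the two customer networks rather than broader ranges keeps the hub from relaying anything beyond the intended A-to-B traffic.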