
ASA 8.2 - Route traffic from one Site-2-Site to other Site-2-Site Tunnel

Eric Snijders
Level 1

Hi All,

On our ASA we have two Site-2-Site tunnels configured (and working). How would I/we be able to let traffic from Customer A flow to Customer B through the 2 existing tunnels? If crypto maps or anything need to be changed at the customer ends, that's not a problem.

 


 

 


JORGE RODRIGUEZ
Level 10

For this to work you will need to enable the same security level intra-interface feature on your hub firewall by using the command "same-security-traffic permit intra-interface". You will also need to work on updating your encryption domain access list in your hub so that CustomerA and CustomerB traffic is able to flow between the two L2L tunnels via the hub firewall.


I was able to find an example depicting your requirements - see the URL below, exclude the RA VPN section and focus on the two L2L tunnels and HQ firewall.

 

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/82020-addnetworkvpn.html

 

 

Hope this helps

 

Jorge Rodriguez

Dennis Mink
VIP Alumni

Yes, you would need to change the crypto map to allow traffic from 10.200.0.0 to 10.100.0.0 and vice versa, if not already done.

Please remember to rate useful posts, by clicking on the stars below.
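
The two changes described in the replies above, put together as an added configuration sketch that is not part of any post in this thread. The ACL names, crypto map name, sequence numbers, /16 masks and the mapping of Customer A to 10.100.0.0 and Customer B to 10.200.0.0 are assumptions; the customer-end lines apply only if those peers are also ASAs.

```cisco
! Added illustration. Names, sequence numbers and masks are hypothetical.
! Assumed: Customer A = 10.100.0.0/16, Customer B = 10.200.0.0/16.

! --- Hub ASA (8.2) ---
! Let traffic enter and leave the same interface (tunnel to tunnel).
same-security-traffic permit intra-interface

! Existing crypto ACL for the tunnel to Customer A: add B -> A.
access-list CRYPTO_TO_CUSTA extended permit ip 10.200.0.0 255.255.0.0 10.100.0.0 255.255.0.0

! Existing crypto ACL for the tunnel to Customer B: add A -> B.
access-list CRYPTO_TO_CUSTB extended permit ip 10.100.0.0 255.255.0.0 10.200.0.0 255.255.0.0

! The ACLs remain bound to the existing crypto map entries.
crypto map outside_map 10 match address CRYPTO_TO_CUSTA
crypto map outside_map 20 match address CRYPTO_TO_CUSTB

! --- Customer A end: mirror of the hub's B -> A entry ---
access-list CRYPTO_TO_HUB extended permit ip 10.100.0.0 255.255.0.0 10.200.0.0 255.255.0.0

! --- Customer B end: mirror of the hub's A -> B entry ---
access-list CRYPTO_TO_HUB extended permit ip 10.200.0.0 255.255.0.0 10.100.0.0 255.255.0.0
```

Each crypto ACL entry must be an exact mirror of the entry on the other end of that tunnel, and `show crypto ipsec sa` on the hub should list an SA for the new network pair on both tunnels once traffic flows. Where the customers only need to reach specific hosts, use those host or subnet entries instead of the full networks so the hub does not expose more of one customer to the other than intended.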
