
Cisco ASA 5516 add new Site To Site VPN

m.petrov1
Level 1

I have an ASA 5516 and 2 site-to-site VPN connections (the connections are UP and working):

First VPN, IKEv1 - with network PEER IP 172.19.60.1/24 -> IP in my ASA 172.19.60.200

and subinterface and VLAN 100 for internal access -> 172.16.100.1/24

Second VPN, IKEv2 - with network PEER IP 172.19.61.1/24 -> IP in my ASA 172.19.64.1/24

I want to have access to the same resource (172.16.100.1/24) but not have access between the two networks (172.19.60.1/24 and 172.19.61.1/24).

How do I do it?

2 Accepted Solutions


@m.petrov1 this is hard to follow, so I am not entirely clear.

If 172.19.60.0/24 and 172.19.61.0/24 are the remote networks (not local to your network) and only accessible over different VPNs, then by default they will not communicate with each other; they can only access the resources over the VPN as per the crypto ACL that defines the interesting traffic.
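An added example (not part of the thread, and not the poster's or Cisco's code): a small Python check over `access-list` lines for the condition the answer relies on, namely that no crypto ACL entry pairs the two remote networks and that only 172.16.100.0/24 is offered to them. The networks are those given in the thread; the ACL names and sample lines are constructed.

```python
import ipaddress

# Networks as given in the thread; ACL names in the samples are assumed.
LOCAL = ipaddress.ip_network("172.16.100.0/24")
REMOTES = [ipaddress.ip_network("172.19.60.0/24"),
           ipaddress.ip_network("172.19.61.0/24")]

# Constructed sample lines (not the poster's configuration).
GOOD = """\
access-list VPN1-ACL extended permit ip 172.16.100.0 255.255.255.0 172.19.60.0 255.255.255.0
access-list VPN2-ACL extended permit ip 172.16.100.0 255.255.255.0 172.19.61.0 255.255.255.0
"""
BAD = """\
access-list VPN2-ACL extended permit ip 172.19.60.0 255.255.255.0 172.19.61.0 255.255.255.0
access-list VPN2-ACL extended permit ip 172.16.0.0 255.255.0.0 172.19.61.0 255.255.255.0
"""

def take_addr(tok, i):
    """Parse one address spec at tok[i]; return (network, next index)."""
    if tok[i] in ("any", "any4"):
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tok[i] == "host":
        return ipaddress.ip_network(tok[i + 1] + "/32"), i + 2
    return ipaddress.ip_network(f"{tok[i]}/{tok[i + 1]}", strict=False), i + 2

def audit(config):
    """Return (acl, issue) for each 'extended permit ip' entry that breaks the policy."""
    findings = []
    for line in config.splitlines():
        tok = line.split()
        if tok[:1] != ["access-list"] or tok[2:5] != ["extended", "permit", "ip"]:
            continue
        try:
            src, i = take_addr(tok, 5)
            dst, _ = take_addr(tok, i)
        except (ValueError, IndexError):
            findings.append((tok[1], "unparsed"))  # e.g. object-group; review by hand
            continue
        src_r = [r for r in REMOTES if src.overlaps(r)]
        dst_r = [r for r in REMOTES if dst.overlaps(r)]
        if any(s != d for s in src_r for d in dst_r):
            findings.append((tok[1], "remote-to-remote"))
        elif dst_r and not src.subnet_of(LOCAL):
            findings.append((tok[1], "local-side-too-broad"))
    return findings

if __name__ == "__main__":
    print(audit(GOOD), audit(BAD))
```

The function takes the text of `show running-config access-list` as input; entries written with objects or object-groups are reported as `unparsed` rather than silently passed.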


Yes, 172.19.60.0/24 and 172.19.61.0/24 are remote networks (not local to your network). Thanks for the quick and accurate answer. I will add the new network 172.19.61.0/24 to the ACL and test the result.



Thank you for the answer.
