03-01-2022 12:33 AM
I have an ASA 5516 and 2 site-to-site VPN connections (the connections are up and working):
First VPN, IKEv1 - with network PEER IP 172.19.60.1/24 -> IP in my ASA 172.19.60.200
and a subinterface and VLAN 100 for internal access -> 172.16.100.1/24
Second VPN, IKEv2 - with network PEER IP 172.19.61.1/24 -> IP in my ASA 172.19.64.1/24
I want both to have access to the same resource (172.16.100.1/24) but no access between the two networks (172.19.60.1/24 and 172.19.61.1/24).
How do I do this?
03-01-2022 12:47 AM
@m.petrov1 this is hard to follow, so I am not entirely clear.
If 172.19.60.0/24 and 172.19.61.0/24 are the remote networks (not local to your network) and only accessible over different VPNs, by default they will not communicate with each other; they can only access the resources over the VPN as per the crypto ACL that defines the interesting traffic.
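Added example, not part of the original posts: a Python check over a constructed ASA config that flags any crypto ACL entry whose source and destination are both remote VPN subnets, the kind of entry that would put traffic between the two peers into a tunnel's interesting traffic. The ACL and crypto map names are hypothetical, and only plain `permit ip <net> <mask> <net> <mask>` entries are parsed (no `any`, `host` or object-groups).

```python
import ipaddress
import re

# Constructed sample config (not from the thread). ACL and crypto map names
# are hypothetical; the subnets are the ones discussed in the thread.
SAMPLE_CONFIG = """\
access-list VPN1_CRYPTO extended permit ip 172.16.100.0 255.255.255.0 172.19.60.0 255.255.255.0
access-list VPN2_CRYPTO extended permit ip 172.16.100.0 255.255.255.0 172.19.61.0 255.255.255.0
crypto map OUTSIDE_MAP 10 match address VPN1_CRYPTO
crypto map OUTSIDE_MAP 20 match address VPN2_CRYPTO
"""

REMOTE_NETS = [ipaddress.ip_network("172.19.60.0/24"),
               ipaddress.ip_network("172.19.61.0/24")]

# Simplified grammar: "access-list NAME extended permit ip SRC MASK DST MASK"
ACE_RE = re.compile(r"^access-list (\S+) extended permit ip "
                    r"(\S+) (\S+) (\S+) (\S+)$")
MAP_RE = re.compile(r"^crypto map \S+ \d+ match address (\S+)$")


def is_remote(net):
    """True if the network overlaps any remote VPN subnet."""
    return any(net.overlaps(r) for r in REMOTE_NETS)


def remote_to_remote_entries(config):
    """Return crypto ACL entries whose source AND destination are remote."""
    lines = [l.strip() for l in config.splitlines()]
    # Only ACLs actually bound to a crypto map define interesting traffic.
    crypto_acls = {m.group(1) for l in lines if (m := MAP_RE.match(l))}
    findings = []
    for line in lines:
        m = ACE_RE.match(line)
        if not m or m.group(1) not in crypto_acls:
            continue
        src = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}")
        dst = ipaddress.ip_network(f"{m.group(4)}/{m.group(5)}")
        if is_remote(src) and is_remote(dst):
            findings.append(line)
    return findings


if __name__ == "__main__":
    print(remote_to_remote_entries(SAMPLE_CONFIG) or "no remote-to-remote entries")
```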
03-01-2022 12:58 AM
Yes, 172.19.60.0/24 and 172.19.61.0/24 are remote networks (not local to your network). Thanks for the quick and accurate answer. I will add the new network 172.19.61.0/24 to the ACL and test the result.
03-04-2022 06:52 AM
Thank you for the answer.