10-18-2011 05:34 PM - edited 03-11-2019 02:39 PM
Hi Guys,
I have a site-to-site VPN between SiteA and SiteB which is working fine. SiteA has an ASA5520 and SiteB a Pix501. The ASA5520 is running version 804 with split tunneling. Users connect to SiteA using remote access VPN. Is it possible to set up the SiteA ASA5520 so that when users connect to SiteA they can access servers located on SiteB through the tunnel? I know I can set up the Pix501 for remote access VPN, but it is located in another country and I don't want to take a chance just in case I lose connectivity. Any help will be greatly appreciated.
Thanks,
Lake
10-18-2011 07:14 PM
Yes you can, here is all the config that you would need:
On ASA 5520:
1) Split tunnel ACL needs to include Site B LAN.
2) Configure: "same-security-traffic permit intra-interface"
3) Crypto ACL for the site-to-site VPN should include:
access-list
On PIX501:
1) Crypto ACL for the site-to-site VPN should include:
access-list
2) NAT exemption ACL should include:
access-list
Hope this helps.
10-18-2011 07:19 PM
Hi Jennifer,
I will try that.
Thanks,
Lake
10-18-2011 08:01 PM
Hi Jennifer,
It worked like a charm.
Thank you very much.
Regards,
Lake
10-18-2011 08:02 PM
Excellent, thanks for the update and ratings.
10-19-2011 04:40 PM
Hi Guys,
I know this problem has been solved, but I really need some help with a similar but still different setup, and I am not sure if I should start another discussion?
It is now understood that SiteA and SiteB have a tunnel which is working fine. SiteA is the hub for all the remote locations. Also, SiteC and SiteD are connected to SiteA via tunnels which are working fine. Now I need SiteC to connect to a server in SiteD. I think it would be easier for SiteC to go through SiteA in order to get to SiteD, so users from SiteC can have one connection and choose to connect to a server in SiteA or SiteD?
Should I just create the above access list in SiteC and SiteD, because the SiteA configuration should be fine? If not, please advise.
Thanks,
Lake
10-19-2011 09:20 PM
If you require access from Site C to Site D and vice versa, and with the current deployment of Site A being the HUB, here is what is required:
Site A:
- Crypto ACL towards Site C should include:
access-list
- Crypto ACL towards Site D should include:
access-list
Site C:
- Crypto ACL towards Site A should include:
access-list
Site D:
- Crypto ACL towards Site A should include:
access-list
Hope this helps.
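An added example, not part of the thread or either poster's configuration: a small Python check that the four crypto ACLs named in the answer above carry the entries spoke-to-spoke traffic needs, and that the hub still has the `same-security-traffic permit intra-interface` command from the earlier answer. The `access-list` lines in the thread are truncated, so the ACL names (`L2L_A`, `L2L_C`, `L2L_D`), the subnets, and the assumption that each entry pairs one spoke LAN with the other are hypothetical.

```python
import ipaddress
import re

ACE = re.compile(r"access-list\s+(\S+)\s+(?:extended\s+)?permit\s+ip\s+"
                 r"(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")

def crypto_pairs(config, acl):
    """(src, dst) networks permitted by one ACL; only 'net mask net mask' entries are parsed."""
    pairs = set()
    for line in config.splitlines():
        m = ACE.match(line.strip())
        if m and m.group(1) == acl:
            src, smask, dst, dmask = m.groups()[1:]
            pairs.add((ipaddress.ip_network(f"{src}/{smask}"),
                       ipaddress.ip_network(f"{dst}/{dmask}")))
    return pairs

def check_spoke_to_spoke(hub, site_c, site_d, c_lan, d_lan):
    """Return what is missing for Site C <-> Site D traffic to hairpin through the hub."""
    c, d = ipaddress.ip_network(c_lan), ipaddress.ip_network(d_lan)
    required = [  # (description, config text, ACL name, exact entry that must be present)
        ("Site A ACL towards C", hub, "L2L_C", (d, c)),
        ("Site A ACL towards D", hub, "L2L_D", (c, d)),
        ("Site C ACL towards A", site_c, "L2L_A", (c, d)),
        ("Site D ACL towards A", site_d, "L2L_A", (d, c)),
    ]
    problems = [f"{what}: no entry {src} -> {dst}"
                for what, cfg, acl, (src, dst) in required
                if (src, dst) not in crypto_pairs(cfg, acl)]
    if "same-security-traffic permit intra-interface" not in hub:
        problems.append("Site A: same-security-traffic permit intra-interface not set")
    return problems

# Constructed sample configs: ACL names and subnets are hypothetical, not from the thread.
HUB = """same-security-traffic permit intra-interface
access-list L2L_C extended permit ip 10.1.0.0 255.255.255.0 10.3.0.0 255.255.255.0
access-list L2L_C extended permit ip 10.4.0.0 255.255.255.0 10.3.0.0 255.255.255.0
access-list L2L_D extended permit ip 10.1.0.0 255.255.255.0 10.4.0.0 255.255.255.0
access-list L2L_D extended permit ip 10.3.0.0 255.255.255.0 10.4.0.0 255.255.255.0"""
SITE_C = """access-list L2L_A permit ip 10.3.0.0 255.255.255.0 10.1.0.0 255.255.255.0
access-list L2L_A permit ip 10.3.0.0 255.255.255.0 10.4.0.0 255.255.255.0"""
# Site D is deliberately missing its entry towards the Site C LAN.
SITE_D = "access-list L2L_A permit ip 10.4.0.0 255.255.255.0 10.1.0.0 255.255.255.0"

if __name__ == "__main__":
    for p in check_spoke_to_spoke(HUB, SITE_C, SITE_D, "10.3.0.0/24", "10.4.0.0/24"):
        print(p)
```

The check matches entries exactly, so a broader entry that merely contains the spoke LAN is reported as missing; crypto ACLs on the two peers of a tunnel are expected to mirror each other entry for entry.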
10-20-2011 11:02 AM
Thank you very much Jennifer.
Regards,
Lake