
Site to Site VPN help

NPS_UCS
Level 1

I have a site to site VPN tunnel set up on an ASA device. The tunnel is up and running and traffic is restricted to a single host on my side. The customer has asked for access to another host on my side via the same tunnel to port 7607. The tunnel uses public IP addresses for the encryption domain and my NAT looks like this:

nat (inside,outside) source static obj-MyHostPriv obj-MyHostPub destination static Remote_Ellkay_Hosts Remote_Ellkay_Hosts no-proxy-arp route-lookup

How can I add a second host to this tunnel? I have updated the NAT to include an object group containing the second host and I can access the customer's hosts over the tunnel from both of my hosts. However, the customer can't access my second host via port 7607. Also, here is my ACL:

access-list outside_cryptomap_3 extended permit ip object obj-MyHostPub object-group Remote_Ellkay_Hosts

 

Any help will be much appreciated. 

 

Thank you

1 Reply

balaji.bandi
Hall of Fame

As per the ACL, you already allowed:

 

access-list outside_cryptomap_3 extended permit ip object obj-MyHostPub object-group Remote_Ellkay_Hosts

 

Hope the host is already covered here, so it's permitted here.

 

Are you doing NAT locally or at the remote site? Based on that, you need to change the crypto ACL.

 

 

BB

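Added example, not part of either post and not the posters' actual configuration: one way the second host could be added when NAT is done locally, as the nat statement in the question indicates. The object names obj-MyHost2Priv and obj-MyHost2Pub and both addresses (documentation ranges) are assumptions, and it assumes the second host gets its own one-to-one public address.

```cisco
! Constructed placeholder objects for the second host.
! Replace the documentation-range addresses with the real ones.
object network obj-MyHost2Priv
 host 192.0.2.20
object network obj-MyHost2Pub
 host 198.51.100.20
!
! Twice NAT for the second host, in the same form as the existing rule,
! so it is presented to the remote hosts under its public address.
nat (inside,outside) source static obj-MyHost2Priv obj-MyHost2Pub destination static Remote_Ellkay_Hosts Remote_Ellkay_Hosts no-proxy-arp route-lookup
!
! The crypto ACL is written against the translated (public) address,
! as the existing entry for obj-MyHostPub is. The ACL shown in the
! question has no entry for the second host, so add one.
access-list outside_cryptomap_3 extended permit ip object obj-MyHost2Pub object-group Remote_Ellkay_Hosts
!
! Checks after the change:
! - the crypto ACL now lists both local public objects
! - the NAT rule for the second host shows translate hits
! - an IPsec SA exists whose local ident is the second host's public address
show access-list outside_cryptomap_3
show nat detail
show crypto ipsec sa
```

The customer's device needs the mirror-image entry (their hosts to the second host's public address) in its own crypto ACL; if the two sides' selectors do not match, the SA for the second host will not be negotiated.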