Hi Charger1129,
Here are the crypto access-list and nat exemption configuration that you need:-
On site A for tunnel to Site B
1. crypto acl from A to B as
permit 10.1.1.10 to 10.1.1.20------from Site A to Site B
permit 10.1.1.30 to 10.1.1.20------from Site C to Site B
Nat exempt
From 10.1.1.10 to 10.1.1.20
From 10.1.1.30 to 10.1.1.20
On site A for tunnel to Site C
1. crypto acl from A to C as
permit 10.1.1.10 to 10.1.1.30------from Site A to Site C
permit 10.1.1.20 to 10.1.1.30------from Site B to Site C
Nat exempt
From 10.1.1.10 to 10.1.1.30
From 10.1.1.20 to 10.1.1.30
On site B for tunnel to Site A
1. crypto acl from B to A as
permit 10.1.1.20 to 10.1.1.10----- from Site B to Site A
permit 10.1.1.20 to 10.1.1.30------from Site B to Site C
Nat exempt
From 10.1.1.20 to 10.1.1.10
From 10.1.1.20 to 10.1.1.30
On site C for tunnel to Site A
1. crypto acl from C to A as
permit 10.1.1.30 to 10.1.1.10---- from Site C to Site A
permit 10.1.1.30 to 10.1.1.20---- from Site C to Site B
Nat exempt
From 10.1.1.30 to 10.1.1.10
From 10.1.1.30 to 10.1.1.20
Regards,
Dinesh Moudgil
P.S. Please rate helpful posts.
Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/
