08-21-2012 07:22 PM - edited 03-04-2019 05:19 PM
Hello,
I have offices A and B connected to my ASA through site-to-site VPN. From office A or B, I can ping my PC behind the ASA, and vice versa. But from office A I can't ping anything in office B, even the router, and vice versa. Any suggestions? Thanks.
08-21-2012 07:33 PM
Can you post the config on the ASA? It's likely you need to do something with the NAT config and crypto tunnel ACLs.
08-21-2012 07:56 PM
This is a somewhat common problem with site to site VPN on ASA. The solution is to allow same security level traffic intra interface.
HTH
Rick
Sent from Cisco Technical Support iPad App
08-22-2012 12:04 AM
Hi Rick,
Will this command on ASA do the job?
same-security-traffic permit intra-interface
Do I need anything else, like ACL or NAT, on my ASA and the routers at offices A and B?
If I have another office C which is going to use site-to-site VPN with my ASA, is it correct that the command above would allow office C to be seen by offices A and B, and vice versa? Thanks.
Hi Benjamin,
I'll see if I can post the configuration here, since it's too long and complicated.
08-22-2012 05:05 AM
Yes, that is the command. With that command the ASA should allow the traffic between sites. Probably the ASA does not need any other config changes, but without knowing specifics of the config it is hard to know. I suggest that you add the command and test to see if anything else is needed.
These comments are oriented to the ASA. Of course on the remote sites you will need changes in ACL and probably NAT to get the sites to communicate.
HTH
Rick
Sent from Cisco Technical Support iPad App
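A sketch of the pieces discussed in this thread, added here as an example and not taken from the poster's configuration: the hairpin command on the hub ASA, the crypto ACL entries each tunnel needs so that A-to-B traffic counts as interesting traffic, and the matching ACL and NAT-exemption entries on a remote router. The subnets, ACL names, crypto map name and sequence numbers are all constructed assumptions.

```cisco
! Constructed addressing (assumption): HQ 10.0.0.0/24, office A 10.1.0.0/24,
! office B 10.2.0.0/24. All ACL and crypto map names are hypothetical.

! --- Hub ASA ---
! Both tunnels terminate on the same interface, so traffic from A to B
! enters and leaves that interface; this command permits the hairpin.
same-security-traffic permit intra-interface

! Tunnel to office A: besides HQ, office B's subnet must be a valid source.
access-list VPN-TO-A extended permit ip 10.0.0.0 255.255.255.0 10.1.0.0 255.255.255.0
access-list VPN-TO-A extended permit ip 10.2.0.0 255.255.255.0 10.1.0.0 255.255.255.0
crypto map OUTSIDE_MAP 10 match address VPN-TO-A

! Tunnel to office B: the mirror image, with office A's subnet as a source.
access-list VPN-TO-B extended permit ip 10.0.0.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list VPN-TO-B extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
crypto map OUTSIDE_MAP 20 match address VPN-TO-B

! --- Office A router (IOS syntax; office B mirrors this with subnets swapped) ---
! Crypto ACL: send traffic for office B into the tunnel to HQ as well.
ip access-list extended VPN-TO-HQ
 permit ip 10.1.0.0 0.0.0.255 10.0.0.0 0.0.0.255
 permit ip 10.1.0.0 0.0.0.255 10.2.0.0 0.0.0.255

! NAT exemption: do not translate traffic bound for HQ or office B,
! otherwise it no longer matches the crypto ACL.
ip access-list extended NAT-ACL
 deny   ip 10.1.0.0 0.0.0.255 10.0.0.0 0.0.0.255
 deny   ip 10.1.0.0 0.0.0.255 10.2.0.0 0.0.0.255
 permit ip 10.1.0.0 0.0.0.255 any
```

The crypto ACLs on both ends of each tunnel must mirror each other exactly, and keeping them to the specific subnets (rather than `any`) limits what can cross between sites. With the ASA default `sysopt connection permit-vpn`, decrypted tunnel traffic bypasses the interface ACLs, so apply a VPN filter if traffic between offices should be restricted further.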