Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
308
Views
0
Helpful
1
Replies

3 site vpn traffic

cb80
Level 1
Level 1

‎09-22-2021 03:15 PM

Hi all 

 

just needing some assistance if possible

 

 I’ve 3 asa 5505 conning via site to site vpn 

 

device A is connected to device B via IPSec vpn 

device C is connected to device B via IPSec vpn 

 

both network   A and network C can talk to network B ok 

 

However network A can’t communicate with network C. I did some packet tracing and it indicated crpytomaps needed to be updated which I have. However. Still the same. Anyone able to point me in the right direction of advise of some commands I can try. 

thanks for any assistance

Labels:
0 Helpful
1 Reply 1

Karsten Iwen
VIP
VIP

‎09-22-2021 03:40 PM

The two most often forgotten configs in this scenario are:

  • NAT exemption for traffic A->C and C->A with interfaces (outside, outside)
  • same-security-traffic permit intra-interface
0 Helpful
Customers Also Viewed These Support Documents