Solved: Hi Olivier Delaporte,

Olivier Delaporte · ‎09-30-2016

Hello

ALL IP addresses below are fictitious. All ASA firewalls are running version 9.5.

I have a workstation connected to ASA-One on a local network of 172.16.1.0/24. ASA-One external IP address is 10.10.10.10

There is a site-to-site VPN between ASA-One and ASA-Two to its local network of 172.16.10.0/24. ASA-Two external IP address is 20.20.20.20.

Tunnel is configured with 172.16.1.0/24 as the local network and 172.16.10.0/24 as the remote network.

ASA-Two has a site-to-site VPN tunnel to a third network: 192.168.20.0/24. ASA-Three external IP address is 30.30.30.30.

The tunnel is configured differently, though: the local network is the outside interface IP address 20.20.20.20 and the remote network is 192.168.20.0/24.

My question is:

can I access the 192.168.20.0/24 network from the workstation on 172.16.1.0/24? If this were possible, what kind of route and nat statements should i use?

Thank you

JP Miranda Z · ‎09-30-2016

Hi Olivier Delaporte,

Sound like you are only trying to configure a S2S with hairpinning.

(172.16.1.0/24)siteA------------------siteB(172.16.10.0/24)-------------------siteC(192.168.20.0/24)

If i am understanding correct this link is going to help you with the configuration:

https://supportforums.cisco.com/document/12752536/how-configure-site-site-vpn-hairpinning-cisco-asa-firewall

Hope this info helps!!

Rate if helps you!!

-JP-

View solution in original post

JP Miranda Z · ‎09-30-2016