ASA Interesting Traffic Question

andres.lara (Level 1)

I am very new to the Cisco ASA and I have a question about the ACLs that are used to define interesting traffic. From what I've been told, these ACLs must match exactly on both ends of the tunnel in order for the LAN to LAN (IPSec) tunnel to work. We have an organization that we work with who accesses a server within our LAN. The current L2L tunnel allows them access to our 192.168.5.x network from their 172.16.2.x network. I just discovered that this server redirects them to 192.168.2.x when they try to access a specific function. I was hoping to just add the 192.168.2.x network to the ACL that defines interesting traffic, but I don't think it will be that easy. It seems to me that the other end of the L2L tunnel will need to define that network in their ACL and configure the appropriate routing. Can any of you help me understand this better?

1 Reply

Jouni Forss (VIP Alumni)

Hi,

If you have at the moment configured your L2L VPN between (for example) the 192.168.5.0/24 and 172.16.2.0/24 networks and they also need to access your network 192.168.2.0/24, you will have to add that network to your ACL matching the VPN traffic.

Basically you will need the ACL line (the ACL name is a placeholder, use the name of your existing crypto ACL):

access-list <crypto_acl_name> extended permit ip 192.168.2.0 255.255.255.0 172.16.2.0 255.255.255.0

You'll probably also need a NAT0/NAT Exempt statement (placeholders again for the NAT0 ACL name and the inside interface name):

access-list <nat0_acl_name> extended permit ip 192.168.2.0 255.255.255.0 172.16.2.0 255.255.255.0

nat (<inside_interface_name>) 0 access-list <nat0_acl_name>

And of course you will need the same as a mirror image on the other VPN device.


- Jouni
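The two checks the answer above relies on (the peer's crypto ACL must be an exact mirror of yours, and every crypto ACL entry must also be exempted from NAT) are easy to verify before bringing a tunnel up. The following script is an added example, not code from the thread or from Cisco; it parses ASA-style "access-list ... permit ip" lines with dotted netmasks, reports which entries lack a mirror on the peer, and reports which crypto entries have no covering NAT0 entry. The ACL names (L2L_CRYPTO, L2L_CRYPTO_PEER, NAT0) and the config fragments are constructed sample data that reproduce the thread's scenario: 192.168.2.0/24 has been added locally but not yet on the peer or in the NAT exemption.

```python
import ipaddress
import re

# Matches the ASA "permit ip <src> <mask> <dst> <mask>" form used for crypto
# (interesting traffic) and NAT0 ACLs. ASA masks are dotted netmasks, not
# wildcard masks, so ipaddress.ip_network can consume them directly.
ACL_LINE = re.compile(
    r"^access-list\s+(?P<name>\S+)\s+(?:extended\s+)?permit\s+ip\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\s+(?P<smask>\d+\.\d+\.\d+\.\d+)\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\s+(?P<dmask>\d+\.\d+\.\d+\.\d+)\s*$"
)

# Constructed sample configs (not from the thread); ACL names are placeholders.
LOCAL_CRYPTO_ACL = """
access-list L2L_CRYPTO extended permit ip 192.168.5.0 255.255.255.0 172.16.2.0 255.255.255.0
access-list L2L_CRYPTO extended permit ip 192.168.2.0 255.255.255.0 172.16.2.0 255.255.255.0
"""
# The peer has not yet added the mirror of the 192.168.2.0/24 line.
PEER_CRYPTO_ACL = """
access-list L2L_CRYPTO_PEER extended permit ip 172.16.2.0 255.255.255.0 192.168.5.0 255.255.255.0
"""
# The local NAT exemption ACL was written before 192.168.2.0/24 was added.
LOCAL_NAT0_ACL = """
access-list NAT0 extended permit ip 192.168.5.0 255.255.255.0 172.16.2.0 255.255.255.0
"""


def parse_acl(text):
    """Return a set of (src_net, dst_net) network objects; non-matching lines are skipped."""
    entries = set()
    for raw in text.splitlines():
        m = ACL_LINE.match(raw.strip())
        if m:
            src = ipaddress.ip_network(f"{m['src']}/{m['smask']}", strict=False)
            dst = ipaddress.ip_network(f"{m['dst']}/{m['dmask']}", strict=False)
            entries.add((src, dst))
    return entries


def _as_strings(entries):
    return sorted((str(s), str(d)) for s, d in entries)


def mirror_diff(local_text, peer_text):
    """Entries each side is missing for the two crypto ACLs to be exact mirrors.

    Returns (missing_on_peer, missing_on_local) as sorted lists of (src, dst)
    CIDR strings, both expressed from the local side's point of view.
    """
    local = parse_acl(local_text)
    peer_mirrored = {(d, s) for s, d in parse_acl(peer_text)}
    return _as_strings(local - peer_mirrored), _as_strings(peer_mirrored - local)


def nat_exempt_gaps(crypto_text, nat0_text):
    """Crypto ACL entries not covered by any NAT0 entry (same or wider networks).

    Traffic that matches the crypto ACL but is still translated will no longer
    match the peer's crypto ACL after NAT, so these gaps usually break the tunnel.
    """
    nat0 = parse_acl(nat0_text)
    gaps = {
        (s, d) for s, d in parse_acl(crypto_text)
        if not any(s.subnet_of(ns) and d.subnet_of(nd) for ns, nd in nat0)
    }
    return _as_strings(gaps)


if __name__ == "__main__":
    on_peer, on_local = mirror_diff(LOCAL_CRYPTO_ACL, PEER_CRYPTO_ACL)
    print("peer crypto ACL is missing the mirror of:", on_peer)
    print("local crypto ACL is missing the mirror of:", on_local)
    print("local crypto entries with no NAT exemption:",
          nat_exempt_gaps(LOCAL_CRYPTO_ACL, LOCAL_NAT0_ACL))
```

Run as-is, it reports the 192.168.2.0/24 to 172.16.2.0/24 entry both as unmirrored on the peer and as lacking a NAT0 entry; once the mirrored line is added on the peer and the NAT0 ACL is extended (or written with a covering supernet), both lists come back empty. The check is deliberately strict about mirroring because the ASA negotiates the IPsec SA on the exact proxy identities, and overlapping-but-unequal entries are a common cause of Phase 2 failures.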