01-24-2024 08:50 AM - edited 01-24-2024 08:52 AM
I am new to configuring VPNs and have this topology.
Background: we just added site 3 and created the VPN connection and it is currently working.
site 3 ---VPN------- site 1------VPN----- site2
Site 1 can communicate with both site 2 and 3. However, site 2 cannot communicate with site 3 and vice-versa. I thought this would be a simple fix on an acl/nat rule, but I cannot seem to figure this out. I am happy to provide configurations to help.
edit: I should also include that I did a packet tracer on site 1 from the subnets of 2 to 3 and it showed that it was allowed.
01-24-2024 08:55 AM
It's simple, but it needs the correct steps.
1- Site1 to Site2 VPN
in Site1:
  ACL permit LAN-Site1 to LAN-Site2
  ACL permit LAN-Site3 to LAN-Site2
in Site2:
  mirror of the above ACL
  route in Site2 toward Site1 for LAN-Site3
2- Site1 to Site3 VPN
in Site1:
  ACL permit LAN-Site1 to LAN-Site3
  ACL permit LAN-Site2 to LAN-Site3
in Site3:
  mirror of the above ACL
  route in Site3 toward Site1 for LAN-Site2
That's it.
MHM
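The steps above, written out as ASA crypto-map configuration for the hub and one spoke. This is an added example, not configuration posted in the thread: the subnets (10.1.1.0/24, 10.2.2.0/24, 10.3.3.0/24), the peer addresses (203.0.113.x), the ACL, object and map names and the transform set are all assumed; the existing IKE policy and tunnel-groups that already carry the working tunnels are left out. Two things the thread does not spell out are included because spoke-to-spoke through a hub fails without them on an ASA: the spoke-to-spoke flow enters and leaves the hub on the same (outside) interface, so the hub needs `same-security-traffic permit intra-interface`, and every new crypto-ACL entry needs a matching NAT exemption so the real addresses reach the tunnel.

```text
! ===== Site 1 (hub) =====
! Assumed addressing (not from the thread):
!   LAN-Site1 10.1.1.0/24   LAN-Site2 10.2.2.0/24   LAN-Site3 10.3.3.0/24
!   Site2 peer 203.0.113.2  Site3 peer 203.0.113.3  hub outside 203.0.113.1
object network LAN-Site1
 subnet 10.1.1.0 255.255.255.0
object network LAN-Site2
 subnet 10.2.2.0 255.255.255.0
object network LAN-Site3
 subnet 10.3.3.0 255.255.255.0
!
! Site2<->Site3 traffic arrives on outside and is sent back out outside;
! the ASA drops such hairpinned traffic unless this is enabled.
same-security-traffic permit intra-interface
!
! Crypto ACL toward Site 2: both the hub LAN and Site 3's LAN ride this tunnel
access-list VPN-TO-SITE2 extended permit ip object LAN-Site1 object LAN-Site2
access-list VPN-TO-SITE2 extended permit ip object LAN-Site3 object LAN-Site2
! Crypto ACL toward Site 3: both the hub LAN and Site 2's LAN ride this tunnel
access-list VPN-TO-SITE3 extended permit ip object LAN-Site1 object LAN-Site3
access-list VPN-TO-SITE3 extended permit ip object LAN-Site2 object LAN-Site3
!
! NAT exemption (identity twice NAT, bidirectional). The outside,outside rule
! covers the spoke-to-spoke flow, which never touches the inside interface.
nat (inside,outside) source static LAN-Site1 LAN-Site1 destination static LAN-Site2 LAN-Site2 no-proxy-arp route-lookup
nat (inside,outside) source static LAN-Site1 LAN-Site1 destination static LAN-Site3 LAN-Site3 no-proxy-arp route-lookup
nat (outside,outside) source static LAN-Site3 LAN-Site3 destination static LAN-Site2 LAN-Site2 no-proxy-arp route-lookup
!
crypto ipsec ikev1 transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
crypto map OUTSIDE_MAP 10 match address VPN-TO-SITE2
crypto map OUTSIDE_MAP 10 set peer 203.0.113.2
crypto map OUTSIDE_MAP 10 set ikev1 transform-set ESP-AES256-SHA
crypto map OUTSIDE_MAP 20 match address VPN-TO-SITE3
crypto map OUTSIDE_MAP 20 set peer 203.0.113.3
crypto map OUTSIDE_MAP 20 set ikev1 transform-set ESP-AES256-SHA
crypto map OUTSIDE_MAP interface outside

! ===== Site 2 (spoke) =====
object network LAN-Site1
 subnet 10.1.1.0 255.255.255.0
object network LAN-Site2
 subnet 10.2.2.0 255.255.255.0
object network LAN-Site3
 subnet 10.3.3.0 255.255.255.0
!
! Exact mirror of the hub's VPN-TO-SITE2 ACL, one entry per remote LAN.
! If the two ends do not match entry for entry, phase 2 fails with a
! proxy-identity mismatch for the unmatched flow.
access-list VPN-TO-SITE1 extended permit ip object LAN-Site2 object LAN-Site1
access-list VPN-TO-SITE1 extended permit ip object LAN-Site2 object LAN-Site3
!
nat (inside,outside) source static LAN-Site2 LAN-Site2 destination static LAN-Site1 LAN-Site1 no-proxy-arp route-lookup
nat (inside,outside) source static LAN-Site2 LAN-Site2 destination static LAN-Site3 LAN-Site3 no-proxy-arp route-lookup
!
! Route for Site 3's LAN toward the hub (only needed if the default route
! does not already point out the tunnel-terminating interface)
route outside 10.3.3.0 255.255.255.0 203.0.113.1 1
!
crypto ipsec ikev1 transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
crypto map OUTSIDE_MAP 10 match address VPN-TO-SITE1
crypto map OUTSIDE_MAP 10 set peer 203.0.113.1
crypto map OUTSIDE_MAP 10 set ikev1 transform-set ESP-AES256-SHA
crypto map OUTSIDE_MAP interface outside

! Site 3 is the same as Site 2 with LAN-Site2 and LAN-Site3 swapped:
! crypto ACL LAN-Site3 -> LAN-Site1 and LAN-Site3 -> LAN-Site2, matching
! NAT exemptions, and a route for 10.2.2.0/24 toward 203.0.113.1.
```

Two checks after applying this. `show crypto ipsec sa` on the hub should list a separate SA pair for each crypto-ACL entry, so the Site 2 tunnel shows two local/remote identity pairs, not one; a missing pair points at a non-mirrored ACL or a missing NAT exemption on one side. When using packet-tracer on the hub for a Site 2 to Site 3 flow, set the input interface to `outside` (`packet-tracer input outside tcp 10.2.2.10 1025 10.3.3.10 445`), since that is where the spoke's traffic really enters; an `input inside` trace exercises a path the flow never takes and can show ALLOW while the real path is dropped.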
01-24-2024 09:07 AM
Are these ACEs going to be added to ACL that is matched by the crypto map?
01-24-2024 09:11 AM
yes friend
MHM
01-24-2024 10:00 AM
Thank you, I was applying the ACLs in the wrong spots.
01-30-2024 06:42 AM
Do you think you could help with one more connection issue?
01-30-2024 06:53 AM
sure friend what is your issue
MHM
01-30-2024 06:57 AM - edited 01-30-2024 07:00 AM
Your solution worked and we have connectivity, but our remote-access VPN users do not. They get a 192.168.252.0/24 address, so I thought it would be easy and just a matter of adding that network to the ACLs, crypto map, etc. But that does not seem to be working, so I was wondering if you had any ideas?
I should mention that the users have connectivity to site-2 but not site-3, I tried to mirror the config on site 2 (changing the networks to reflect site) but it does not work or I missed something.