09-01-2013 08:40 PM
Hello Community
Is there a way to configure two ASAs, Site A and Site B, which have a site-to-site VPN configured, where if a person is VPNed into either Site A or B, that person is able to connect to all servers in either Site A or B?
Thanks,
Tom
09-01-2013 11:10 PM
Yes, that will work. You just have to make sure that "same-security-traffic permit intra-interface" is set and that your crypto definition includes all needed networks. So if you have network a.a.a.0 in Site A and b.b.b.0 in Site B and your VPN pool in Site B is d.d.d.0, then your crypto ACLs have to be the following:
Site-A: permit a.a.a.0 to b.b.b.0 and permit a.a.a.0 to d.d.d.0
Site-B: permit b.b.b.0 to a.a.a.0 and permit d.d.d.0 to a.a.a.0
The split-tunnel-acl in site B has to include both networks b.b.b.0 and a.a.a.0.
Sent from Cisco Technical Support iPad App
09-02-2013 11:10 AM
Hi Karsten,
Thanks for the response. You are correct, but there's one thing missing. (I had TAC help us.) A NAT rule needs to be put in place from Outside to Outside on both sides of the firewall that defines the interesting traffic (meaning the subnet of the remote VPN pool of IPs and the remote site's internal subnet). After we did that everything worked perfectly.
-Tom
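Putting Karsten's crypto/split-tunnel ACLs and Tom's outside-to-outside NAT exemption together, here is a constructed Site B configuration (added example, not from the thread). It assumes ASA 8.3+ object/twice-NAT syntax and placeholder addresses: Site A LAN 10.1.0.0/24, Site B LAN 10.2.0.0/24, Site B remote-access pool 10.200.0.0/24; the object and ACL names are arbitrary. Site A mirrors this with its own pool.

```cisco
! Constructed example for the Site B ASA (8.3+ syntax); all addresses are placeholders.
! Site A LAN: 10.1.0.0/24   Site B LAN: 10.2.0.0/24   Site B RA VPN pool: 10.200.0.0/24

! Allow traffic that enters on "outside" (the RA tunnel) to leave on "outside" (the L2L tunnel)
same-security-traffic permit intra-interface

object network SITE-A-LAN
 subnet 10.1.0.0 255.255.255.0
object network SITE-B-LAN
 subnet 10.2.0.0 255.255.255.0
object network RA-POOL
 subnet 10.200.0.0 255.255.255.0

! Crypto ACL for the L2L tunnel to Site A: local LAN and the RA pool must both be interesting traffic
access-list L2L-TO-SITE-A extended permit ip object SITE-B-LAN object SITE-A-LAN
access-list L2L-TO-SITE-A extended permit ip object RA-POOL object SITE-A-LAN

! Split-tunnel ACL pushed to RA clients: both sites' LANs, so client traffic for Site A enters the tunnel
access-list SPLIT-TUNNEL standard permit 10.2.0.0 255.255.255.0
access-list SPLIT-TUNNEL standard permit 10.1.0.0 255.255.255.0

group-policy RA-POLICY attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-TUNNEL

! Identity NAT so neither flow is translated before encryption.
! outside,outside covers the hairpinned RA-pool -> Site A traffic Tom describes
nat (outside,outside) source static RA-POOL RA-POOL destination static SITE-A-LAN SITE-A-LAN no-proxy-arp route-lookup
! inside,outside covers the ordinary Site B LAN -> Site A traffic
nat (inside,outside) source static SITE-B-LAN SITE-B-LAN destination static SITE-A-LAN SITE-A-LAN no-proxy-arp route-lookup
```

On the Site A ASA the crypto ACL must list the same two pairs in reverse (a.a.a.0 to b.b.b.0 and a.a.a.0 to d.d.d.0), with matching identity NAT for both destinations.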