cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
486
Views
0
Helpful
1
Replies
Leon Khanan
Beginner

IPSEC s2s ACLs

I have two sites i need to create s2s between them, problem is:

site A is the HQ that has MPLS connections  and routes OSPF over to other branches so its encryption domain is the whole 192.168.x.x/16 network

site B is the branch that will need to access HQ and other branch resources by S2S with the HQ and its local networks are 192.168.20.0/24 through 192.168.24.0/24 meaning they fall under the general ACL for the HQ. The HQ has no 192.168.20-24/24 subnets on its side as those reserved for siteB.

My question is...

can i use the general ACL for site A  to include 192.168.x.x/16  and  192.168.20-24.0/24  on site B  to build a properly working tunnel that will allow site B to reach all other branches connected to site A (HQ) (see example bellow) ?

topology:

siteB(192.168.20.0/22)=====IPSEC s2s=====siteA(192.168.10.0/24) -------OSPF-------siteC(192.168.11.0/24)

                                                                                                      --------OSPF------.......

                                                                                                      --------OSPF------siteZ(192.168.45.0/24)

vpn acl on site B :

access-list outside_1_cryptomap extended permit ip 192.168.20.0 255.255.252.0 
192.168.0.0 255.255.0.0

reversed on site A

1 REPLY 1
Leon Khanan
Beginner

anyone alive?