I have two sites I need to create an S2S between them; the problem is:
Site A is the HQ that has MPLS connections and routes OSPF over to the other branches, so its encryption domain is the whole 192.168.x.x/16 network.
Site B is the branch that will need to access HQ and other branch resources by S2S with the HQ, and its local networks are 192.168.20.0/24 through 192.168.24.0/24, meaning they fall under the general ACL for the HQ. The HQ has no 192.168.20-24/24 subnets on its side, as those are reserved for site B.
My question is...
Can I use the general ACL for site A to include 192.168.x.x/16 and 192.168.20-24.0/24 on site B to build a properly working tunnel that will allow site B to reach all other branches connected to site A (HQ) (see example below)?
topology:
siteB(192.168.20.0/22)=====IPSEC s2s=====siteA(192.168.10.0/24) -------OSPF-------siteC(192.168.11.0/24)
--------OSPF------.......
--------OSPF------siteZ(192.168.45.0/24)
VPN ACL on site B:
access-list outside_1_cryptomap extended permit ip 192.168.20.0 255.255.252.0 192.168.0.0 255.255.0.0
Reversed on site A.
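An added check, not part of the original post, that parses ASA-style crypto ACL lines with Python's ipaddress module, confirms the two peers' proxy identities are exact mirrors, and flags entries where the remote encryption domain also contains the local subnets (as 192.168.0.0/16 contains 192.168.20.0/22 here). It assumes only plain `permit ip NET MASK NET MASK` lines; the sample ACLs are constructed from the post.

```python
import ipaddress
from typing import List, Tuple

Pair = Tuple[ipaddress.IPv4Network, ipaddress.IPv4Network]

# Constructed from the post: site B's ACL and its mirror on site A (HQ).
SITE_B_ACL = "access-list outside_1_cryptomap extended permit ip 192.168.20.0 255.255.252.0 192.168.0.0 255.255.0.0"
SITE_A_ACL = "access-list outside_1_cryptomap extended permit ip 192.168.0.0 255.255.0.0 192.168.20.0 255.255.252.0"


def parse_asa_acl(text: str) -> List[Pair]:
    """Turn 'access-list NAME extended permit ip SRC MASK DST MASK' lines into
    (local, remote) network pairs. Other ACE forms ('any', 'host', objects) are skipped."""
    pairs: List[Pair] = []
    for line in text.strip().splitlines():
        tok = line.split()
        if len(tok) < 9 or tok[0] != "access-list" or tok[3:5] != ["permit", "ip"]:
            continue
        src = ipaddress.ip_network(f"{tok[5]}/{tok[6]}", strict=False)
        dst = ipaddress.ip_network(f"{tok[7]}/{tok[8]}", strict=False)
        pairs.append((src, dst))
    return pairs


def is_mirror(local: List[Pair], remote: List[Pair]) -> bool:
    """True when every (src, dst) on one peer appears as (dst, src) on the other;
    anything else means the proxy identities will not match during IKE negotiation."""
    return {(s, d) for s, d in local} == {(d, s) for s, d in remote}


def overlapping_entries(pairs: List[Pair]) -> List[Pair]:
    """Entries whose local and remote selectors overlap, i.e. the remote
    encryption domain also covers the local subnets. Worth reviewing, because
    intra-site traffic then also matches the crypto ACL if it ever reaches the
    outside interface."""
    return [(s, d) for s, d in pairs if s.overlaps(d)]


def check_tunnel(local_acl: str, remote_acl: str) -> dict:
    local, remote = parse_asa_acl(local_acl), parse_asa_acl(remote_acl)
    return {
        "mirrored": is_mirror(local, remote),
        "overlaps": [f"{s} <-> {d}" for s, d in overlapping_entries(local)],
    }


if __name__ == "__main__":
    print(check_tunnel(SITE_B_ACL, SITE_A_ACL))
```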