Hello Eliezer,
You are right you will need to do something like this:
192.168.1.0/24 Inside ASA1 <---------------> ASA2 inside 172.16.1.0/24

ASA1:
access-list INSIDE_IN permit ip 192.168.1.0 255.255.255.0 172.16.1.0 255.255.255.0
access-group INSIDE_IN in interface inside

ASA2:
access-list INSIDE_IN permit ip 172.16.1.0 255.255.255.0 192.168.1.0 255.255.255.0
access-group INSIDE_IN in interface inside
sysopt connection permit-vpn
To permit any packets that come from an IPsec or SSL VPN tunnel without checking ACLs for the source and destination interfaces, enter the sysopt connection permit-vpn command in global configuration mode.
You might want to bypass interface ACLs for IPsec or SSL VPN traffic if you use a separate VPN concentrator behind the ASA and want to maximize the ASA performance. Typically, you create an ACL that permits IPsec or SSL VPN packets using the access-list command and apply it to the source interface. Using an ACL is more secure because you can specify the exact traffic you want to allow through the ASA.
Let me know how this works out!
Please don't forget to rate and mark as correct the helpful post!
Regards,
David Castro
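As an added illustration (not part of David Castro's reply) of the trade-off described above, here is the permissive bypass setting beside a tighter alternative that keeps tunnel traffic subject to an interface ACL; the interface name "outside", the ACL name OUTSIDE_IN and the ports are assumptions for the example.

```cisco
! --- Option A: bypass interface ACLs for decrypted VPN traffic (as in the reply above) ---
! Any packet arriving through the IPsec/SSL tunnel is accepted without an
! interface ACL check; only the inside-to-tunnel direction is filtered by INSIDE_IN.
sysopt connection permit-vpn

! --- Option B: disable the bypass and permit only the flows you actually need ---
! With the bypass off, decrypted traffic from ASA2's site is checked against the
! ACL applied inbound on the interface where the tunnel terminates (assumed: outside).
no sysopt connection permit-vpn

! Constructed example: allow only HTTPS and SSH from the remote LAN to the local LAN,
! log everything else that the tunnel delivers and is dropped.
access-list OUTSIDE_IN extended permit tcp 172.16.1.0 255.255.255.0 192.168.1.0 255.255.255.0 eq 443
access-list OUTSIDE_IN extended permit tcp 172.16.1.0 255.255.255.0 192.168.1.0 255.255.255.0 eq 22
access-list OUTSIDE_IN extended deny ip any any log
access-group OUTSIDE_IN in interface outside

! The inside-facing ACL from the reply can be narrowed the same way instead of "permit ip":
access-list INSIDE_IN extended permit tcp 192.168.1.0 255.255.255.0 172.16.1.0 255.255.255.0 eq 443
access-list INSIDE_IN extended permit tcp 192.168.1.0 255.255.255.0 172.16.1.0 255.255.255.0 eq 22
access-group INSIDE_IN in interface inside
```

Option B is the "more secure" approach the quoted documentation refers to: the tunnel only carries what the ACL names, and the deny-with-log line gives you a record of anything unexpected crossing it.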