
Multiple IPSec VPN routing

arvind_mewada
Level 1

Hi,

I have multiple site-to-site VPNs and I am trying to make communication work between all the VPN LANs,

meaning one VPN LAN network can communicate with my other VPN LAN network. Both are connected to my Cisco ASA 5510.

I have enabled intra-interface security and inter-interface security as well, but no luck.

Is there anything extra that I have to do? Please help me out if anyone has an answer.

Kindly check the attached diagram for the same.

Thanks a lot for help in advance.

arvindmewada@gmail.com


Ivan Martinon
Level 7

Besides the same-security commands, you need to make sure your traffic definition is correctly defined on the crypto ACLs for each firewall. As an example, see below:

Central - Network A

Remote 1 - Network B

Remote 2 - Network C

Remote 3 - Network D

If what you need to do is to allow communication from all remotes using the Central as the hub, you need to do the following:

Tunnel from Central to Remote 1

A to B

Tunnel from Remote 1 to Central

B to A

Tunnel from Central to Remote 2

A to C

Tunnel from Remote 2 to Central

C to A

If you then need Remote 1 to Remote 2 via the central one, the config would be:

Central:

A to B

C to B

Remote 1

B to A

B to C

Remote 2

C to A

C to B

And so on...

Let me know if this makes sense. Of course, the NAT exempt ACL should mimic this behavior.
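
An added example, not part of the reply above and not Cisco tooling: a Python check that derives the crypto ACL pairs the reply describes for a hub-and-spoke layout and flags entries that are missing or have no mirror on the peer. The site names and 10.x subnets are constructed placeholders, since the thread gives no addressing.

```python
from ipaddress import ip_network

# Constructed sample addressing (assumption; the thread gives no subnets).
SITES = {
    "Central": ip_network("10.0.0.0/24"),  # Network A (hub)
    "Remote1": ip_network("10.1.0.0/24"),  # Network B
    "Remote2": ip_network("10.2.0.0/24"),  # Network C
}

def expected_crypto_acls(sites, hub):
    """Crypto ACL entries per (device, peer) tunnel for spoke-to-spoke via the hub."""
    acls = {}
    for spoke, lan in sites.items():
        if spoke == hub:
            continue
        others = [net for name, net in sites.items() if name != spoke]
        # Spoke: its LAN to every other LAN, all sent into the tunnel to the hub.
        acls[(spoke, hub)] = {(lan, dst) for dst in others}
        # Hub: the exact mirror, every other LAN to this spoke's LAN.
        acls[(hub, spoke)] = {(src, lan) for src in others}
    return acls

def missing_mirrors(acls):
    """Entries whose reversed pair is absent from the peer's ACL for the same tunnel."""
    problems = []
    for (device, peer), entries in acls.items():
        peer_entries = acls.get((peer, device), set())
        for src, dst in entries:
            if (dst, src) not in peer_entries:
                problems.append((device, peer, str(src), str(dst)))
    return sorted(problems)

def missing_entries(configured, expected):
    """Entries required for full reachability that a configured ACL set lacks."""
    return sorted(
        (device, peer, str(src), str(dst))
        for (device, peer), entries in expected.items()
        for src, dst in entries - configured.get((device, peer), set())
    )

if __name__ == "__main__":
    want = expected_crypto_acls(SITES, "Central")
    a, b, c = SITES["Central"], SITES["Remote1"], SITES["Remote2"]
    # Constructed "hub-only" config: each tunnel carries just A<->spoke traffic.
    have = {("Central", "Remote1"): {(a, b)}, ("Remote1", "Central"): {(b, a)},
            ("Central", "Remote2"): {(a, c)}, ("Remote2", "Central"): {(c, a)}}
    for row in missing_entries(have, want):
        print("missing on %s (tunnel to %s): %s -> %s" % row)
```

The same pair list can be compared against the NAT exempt ACL on each device, which the reply says should follow the crypto ACLs.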