Site-To-Site VPN connections

Stephen Sisson
Level 1

We currently have Customer A connecting to our company through a site-to-site VPN to Server1 (10.10.2.165), through a third-party vendor who handles the VPN connection on their side. We have another company, Company B, looking to do the same thing using the same third-party vendor, connecting to a different server located at my company on the same local subnet as Server1.

My question is: if we currently have Company A connecting through the third-party firewall to our Server1 at 10.10.2.165, and we need Company B to make the same connection through the third-party firewall to Server2 (10.10.2.166), what is required on our firewall to allow this?

My thoughts are to create a new network object net-remote1 with their remote subnet on our ASA 5505 firewall, and add: access-list outside_1_cryptomap extended permit ip host 10.10.2.166 object net-remote1

I think that's everything needed to allow this connection through the current site-to-site connection. I really need your expertise to make this work, and the commands for making it work.

I'm sending you a diagram with a visual look at the connections.

Thank you all for your help.

4 Replies

rizwanr74
Level 7

What's required on your firewall to allow access to this host, 10.10.2.166, is the full configuration of another site-to-site VPN connection to Company B's firewall.

Do not change the VPN configuration associated with Company A for Company B, as they are two separate tunnels.

Thanks

Rizwan Rafeek

Let me give more information.

The peer address for the third-party vendor will stay the same on our firewall for this new Customer B, and on their end they are adding Company B's x.x.x.x subnet. If everything will be the same as we have for the Customer A connection, why should we create a new VPN tunnel versus using what we have now?

Thank you

If Company "B"'s tunnel peer IP address is the same address as Company "A"'s, I would assume it is one and the same tunnel. In which case, allowing the required subnet and host address on the same tunnel will enable Company "B" to access the required resources.

Be sure to add a static route on your internal switch to push remote subnet traffic towards the ASA.

thanks

They are both using the same tunnel, so that's great news.

Thank you so much.
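Putting the original poster's plan (network object plus one extra crypto-map ACL line on the existing tunnel) and the static-route reminder from the reply together into one configuration fragment, as an added example that is not from this thread or from Cisco. It assumes ASA 8.3+ object NAT syntax, an IOS switch, the documentation range 192.0.2.0/24 as a placeholder for Company B's x.x.x.x subnet, and 10.10.2.1 as the ASA inside address; every name other than net-remote1 and outside_1_cryptomap is made up here.

```cisco
! --- ASA 5505 (8.3+ syntax assumed) ---
! Company B's subnet: 192.0.2.0/24 is a constructed placeholder for x.x.x.x
object network net-remote1
 subnet 192.0.2.0 255.255.255.0
object network srv2-host
 host 10.10.2.166
!
! Extra line in the crypto ACL already bound to the existing crypto map (same
! peer, same tunnel). Scoped to one host rather than the whole 10.10.2.0 subnet,
! so Company B can only reach Server2 and never sees Server1.
access-list outside_1_cryptomap extended permit ip host 10.10.2.166 object net-remote1
!
! Identity NAT so Server2 <-> Company B traffic enters the tunnel untranslated.
nat (inside,outside) source static srv2-host srv2-host destination static net-remote1 net-remote1 no-proxy-arp route-lookup
!
! --- Internal switch (IOS assumed): send Company B traffic to the ASA inside interface ---
ip route 192.0.2.0 255.255.255.0 10.10.2.1
!
! --- Verification once the vendor has added the mirror entry on their side ---
! Expect a new IPsec SA with identities 10.10.2.166/32 <-> 192.0.2.0/24, and
! hit counts climbing on the new ACL line.
show crypto ipsec sa peer <vendor-peer-ip>
show access-list outside_1_cryptomap
```

The vendor must add the mirror-image proxy identity (192.0.2.0/24 to 10.10.2.166/32) on their end, otherwise phase 2 for the new pair will not negotiate even though the existing Company A SA stays up.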