Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
1530
Views
0
Helpful
5
Replies

Site to Site VPN to allow for File Sharing and AD Domain Trust.

Go to solution
Steve Coady
Level 1
Level 1

‎02-02-2015 07:00 AM

Hello

 

I am not exactly sure what I need to add to a current site-2-site vpn specifically enable these (2) processes.

 

Pleased advise.

sMc
Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Richard Burts
Hall of Fame
Hall of Fame

‎02-02-2015 09:18 AM

Without knowing how the current site to site VPN is configured it is difficult to give you a good answer about what you need to add. Does the current site to site use a crypto map with an access list that identifies traffic to be encrypted? If so then probably you need to add some things to the access list. Does the current site to site use a tunnel and encrypt everything that goes through the tunnel. If so then you probably need to add routing logic that ensures that this traffic is forwarded through the tunnel.

 

HTH

 

Rick

HTH

Rick

View solution in original post

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to Steve Coady

‎02-02-2015 11:23 AM

Perhaps it is a question of terminology or perhaps a question of perspective in how you define tunneling. If this is implemented on an ASA then pretty much the only option is a crypto map and an access list. But if this is implemented on an IOS router then there are options like VTI where you just configure the tunnel, there is no crypto map and there is no access list. Simply anything that is routed through the tunnel gets encrypted.

 

So what I am asking about is what mechanism do your site to site tunnels use?

 

HTH

 

Rick

HTH

Rick

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Richard Burts
Hall of Fame
Hall of Fame

‎02-02-2015 09:18 AM

Without knowing how the current site to site VPN is configured it is difficult to give you a good answer about what you need to add. Does the current site to site use a crypto map with an access list that identifies traffic to be encrypted? If so then probably you need to add some things to the access list. Does the current site to site use a tunnel and encrypt everything that goes through the tunnel. If so then you probably need to add routing logic that ensures that this traffic is forwarded through the tunnel.

 

HTH

 

Rick

HTH

Rick
0 Helpful

Go to solution
Steve Coady
Level 1
Level 1
In response to Richard Burts

‎02-02-2015 10:34 AM

Rick

 

Thank you for the response.

 

We use a crypto map and acl..

 

Please forgive my ignorance, I am confused by this "Does the current site to site use a tunnel and encrypt everything that goes through the tunnel"

   Its a vpn tunnel so arn't all packets encrypted/decrypted?

sMc
0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to Steve Coady

‎02-02-2015 11:23 AM

Perhaps it is a question of terminology or perhaps a question of perspective in how you define tunneling. If this is implemented on an ASA then pretty much the only option is a crypto map and an access list. But if this is implemented on an IOS router then there are options like VTI where you just configure the tunnel, there is no crypto map and there is no access list. Simply anything that is routed through the tunnel gets encrypted.

 

So what I am asking about is what mechanism do your site to site tunnels use?

 

HTH

 

Rick

HTH

Rick
0 Helpful

Go to solution
Steve Coady
Level 1
Level 1
In response to Richard Burts

‎02-02-2015 12:03 PM

Rick

 

Thanks again for your guidance. We are using ASA5550.

sMc
0 Helpful

Go to solution
Steve Coady
Level 1
Level 1
In response to Richard Burts

‎02-02-2015 12:16 PM

Rick

 

In order to allow File Sharing and AD Domain Trust across the ASA tunnel, it seems I would have to open several ports (135, 464, 389,636,3289,53,88 & 445)

Does this sound correct?

What else should I be considering?

sMc
0 Helpful
Top