Site to Site VPN to allow for File Sharing and AD Domain Trust.

Steve Coady
Level 1

Hello

I am not exactly sure what I need to add to a current site-2-site VPN to specifically enable these (2) processes.

Please advise.

sMc

Richard Burts
Hall of Fame

Without knowing how the current site to site VPN is configured it is difficult to give you a good answer about what you need to add. Does the current site to site use a crypto map with an access list that identifies traffic to be encrypted? If so then probably you need to add some things to the access list. Does the current site to site use a tunnel and encrypt everything that goes through the tunnel? If so then you probably need to add routing logic that ensures that this traffic is forwarded through the tunnel.

HTH

Rick

Rick

Thank you for the response.

We use a crypto map and ACL.

Please forgive my ignorance, I am confused by this: "Does the current site to site use a tunnel and encrypt everything that goes through the tunnel"

It's a VPN tunnel, so aren't all packets encrypted/decrypted?

sMc

Perhaps it is a question of terminology or perhaps a question of perspective in how you define tunneling. If this is implemented on an ASA then pretty much the only option is a crypto map and an access list. But if this is implemented on an IOS router then there are options like VTI where you just configure the tunnel, there is no crypto map and there is no access list. Simply anything that is routed through the tunnel gets encrypted.

So what I am asking about is what mechanism do your site to site tunnels use?

HTH

Rick
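
The two mechanisms described in the reply above, as an added example that is not part of the original thread: a crypto map with an access list on an ASA next to a VTI on an IOS router, showing only the part of each that decides which traffic is encrypted. All names, interfaces and addresses (10.1.10.0/24, 10.1.30.0/24, 10.2.20.0/24, 172.16.255.0/30, peer 203.0.113.2) are constructed for illustration.

```cisco
! ===== ASA: crypto map + access list (policy-based) =====
! Only traffic matching the crypto ACL is encrypted. Anything else
! bound for the remote site is not sent through the VPN at all.
crypto ipsec ikev1 transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac

! Existing entry: local users -> remote server subnet (constructed)
access-list S2S-CRYPTO extended permit ip 10.1.10.0 255.255.255.0 10.2.20.0 255.255.255.0
! Added entry: a second local subnet (for example the one holding the
! domain controllers) is only encrypted once it is listed here.
! The remote peer needs the mirror-image entry in its own crypto ACL.
access-list S2S-CRYPTO extended permit ip 10.1.30.0 255.255.255.0 10.2.20.0 255.255.255.0

crypto map OUTSIDE-MAP 10 match address S2S-CRYPTO
crypto map OUTSIDE-MAP 10 set peer 203.0.113.2
crypto map OUTSIDE-MAP 10 set ikev1 transform-set ESP-AES256-SHA
crypto map OUTSIDE-MAP interface outside

! ===== IOS router: VTI (route-based) =====
! No crypto map and no crypto ACL. Whatever the routing table sends
! out Tunnel0 is encrypted, so adding traffic means adding a route.
crypto ipsec transform-set ESP-AES256-SHA esp-aes 256 esp-sha-hmac
 mode tunnel
crypto ipsec profile VTI-PROFILE
 set transform-set ESP-AES256-SHA

interface Tunnel0
 ip address 172.16.255.1 255.255.255.252
 tunnel source GigabitEthernet0/0
 tunnel destination 203.0.113.2
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile VTI-PROFILE

! Route the remote subnet into the tunnel (static here; a routing
! protocol over Tunnel0 would do the same job).
ip route 10.2.20.0 255.255.255.0 Tunnel0
```

On the ASA, `show crypto ipsec sa` lists one security association per matched crypto ACL entry, which is a quick way to confirm that a newly added subnet pair is actually being encrypted.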

Rick

Thanks again for your guidance. We are using ASA5550.

sMc

Rick

In order to allow File Sharing and AD Domain Trust across the ASA tunnel, it seems I would have to open several ports (135, 464, 389, 636, 3289, 53, 88 & 445).

Does this sound correct?

What else should I be considering?

sMc