02-02-2015 07:00 AM
Hello
I am not exactly sure what I need to add to a current site-2-site VPN to specifically enable these (2) processes.
Please advise.
02-02-2015 09:18 AM
Without knowing how the current site to site VPN is configured, it is difficult to give you a good answer about what you need to add. Does the current site to site use a crypto map with an access list that identifies traffic to be encrypted? If so, then you probably need to add some things to the access list. Does the current site to site use a tunnel and encrypt everything that goes through the tunnel? If so, then you probably need to add routing logic that ensures that this traffic is forwarded through the tunnel.
HTH
Rick
Rick
02-02-2015 10:34 AM
Rick
Thank you for the response.
We use a crypto map and ACL.
Please forgive my ignorance, I am confused by this: "Does the current site to site use a tunnel and encrypt everything that goes through the tunnel"
It's a VPN tunnel, so aren't all packets encrypted/decrypted?
02-02-2015 11:23 AM
Perhaps it is a question of terminology or perhaps a question of perspective in how you define tunneling. If this is implemented on an ASA then pretty much the only option is a crypto map and an access list. But if this is implemented on an IOS router then there are options like VTI where you just configure the tunnel, there is no crypto map and there is no access list. Simply anything that is routed through the tunnel gets encrypted.
So what I am asking about is what mechanism do your site to site tunnels use?
HTH
Rick
Rick
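As an added illustration (not part of the thread and not Cisco code), this Python model shows the crypto map case described above: only traffic that matches the crypto access list is encrypted, so a newly needed subnet must be added on both peers as mirrored entries. The subnets, hosts and function names are constructed for the example.

```python
import ipaddress

# Constructed crypto ACLs as (source, destination) networks, one list per peer.
# All addresses are illustrative and do not come from the thread.
SITE_A_ACL = [("10.1.0.0/16", "10.2.0.0/16")]
SITE_B_ACL = [("10.2.0.0/16", "10.1.0.0/16")]


def parse(acl):
    """Turn (src, dst) CIDR strings into ip_network pairs."""
    return [(ipaddress.ip_network(s), ipaddress.ip_network(d)) for s, d in acl]


def is_interesting(acl, src, dst):
    """True if packet src -> dst matches a permit entry and so gets encrypted."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in sn and d in dn for sn, dn in parse(acl))


def mirror_gaps(local_acl, remote_acl):
    """Local entries that have no exact mirrored (dst, src) entry on the peer."""
    remote = set(parse(remote_acl))
    return [(str(s), str(d)) for s, d in parse(local_acl) if (d, s) not in remote]


def flow_protected(local_acl, remote_acl, src, dst):
    """A two-way flow needs the request matched locally and the reply remotely."""
    return is_interesting(local_acl, src, dst) and is_interesting(remote_acl, dst, src)


if __name__ == "__main__":
    client, new_server = "10.1.5.20", "10.3.0.10"  # server on a subnet not yet in the ACL
    print(flow_protected(SITE_A_ACL, SITE_B_ACL, client, new_server))
    a_fixed = SITE_A_ACL + [("10.1.0.0/16", "10.3.0.0/24")]
    print(mirror_gaps(a_fixed, SITE_B_ACL))   # entry added on one peer only
    b_fixed = SITE_B_ACL + [("10.3.0.0/24", "10.1.0.0/16")]
    print(flow_protected(a_fixed, b_fixed, client, new_server))
```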
02-02-2015 12:03 PM
Rick
Thanks again for your guidance. We are using ASA5550.
02-02-2015 12:16 PM
Rick
In order to allow File Sharing and AD Domain Trust across the ASA tunnel, it seems I would have to open several ports (135, 464, 389, 636, 3289, 53, 88 & 445).
Does this sound correct?
What else should I be considering?
