04-22-2011 09:22 AM
Scenario:
Two VPNs
VPN A is between two hospitals.
VPN B is between one of the hospitals (hospital 1) and a Medical Service Provider.
Objective is to allow the second hospital to access the Medical Service Provider through the first hospital's VPN B.
Equipment: ASA5520 at both hospitals.
04-22-2011 10:48 AM
Hi,
Site X ---(VPN A)--- Site Y ---(VPN B)--- site Z.
You need to
1) Allow u-turn of traffic on the same interface on site Y (I assume both VPNs are connected to the same interface)
2) You need to make sure you allow traffic from site X to site Z in the access-list for VPN A and VPN B
You need to add:
Site X : VPN A --> permit ip X Z
Site Y : VPN A --> permit ip Z X
Site Y : VPN B --> permit ip X Z
Site Z : VPN B --> permit ip Z X
Makes sense? :-)
Marcin
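The four entries in the reply above can be checked mechanically against each site's crypto ACL lines. This is an added example, not part of the original reply: the subnets, ACL names (VPN_A, VPN_B) and function names are hypothetical placeholders, and only the `permit ip <net> <mask> <net> <mask>` form is parsed.

```python
import ipaddress
import re

# Constructed placeholder subnets for sites X, Y and Z (not taken from the thread).
NETS = {"X": "10.1.0.0 255.255.255.0", "Y": "10.2.0.0 255.255.255.0", "Z": "10.3.0.0 255.255.255.0"}

def acl(name, src, dst):
    """Build one ASA crypto ACL line for the placeholder subnets of two sites."""
    return f"access-list {name} extended permit ip {NETS[src]} {NETS[dst]}"

# Crypto ACLs per (site, VPN) before the change: each tunnel carries only its own two sites.
BEFORE = {
    ("X", "A"): [acl("VPN_A", "X", "Y")],
    ("Y", "A"): [acl("VPN_A", "Y", "X")],
    ("Y", "B"): [acl("VPN_B", "Y", "Z")],
    ("Z", "B"): [acl("VPN_B", "Z", "Y")],
}
# After adding the four entries listed in the reply above.
AFTER = {
    ("X", "A"): BEFORE[("X", "A")] + [acl("VPN_A", "X", "Z")],
    ("Y", "A"): BEFORE[("Y", "A")] + [acl("VPN_A", "Z", "X")],
    ("Y", "B"): BEFORE[("Y", "B")] + [acl("VPN_B", "X", "Z")],
    ("Z", "B"): BEFORE[("Z", "B")] + [acl("VPN_B", "Z", "X")],
}

ACL_RE = re.compile(r"access-list \S+ extended permit ip (\S+) (\S+) (\S+) (\S+)$")

def selectors(lines):
    """Parse 'permit ip <net> <mask> <net> <mask>' lines into (source, destination) pairs."""
    pairs = set()
    for line in lines:
        m = ACL_RE.match(line.strip())
        if m is None:  # host/any/object-group forms are not handled in this sketch
            raise ValueError(f"unsupported ACL line: {line!r}")
        pairs.add((ipaddress.ip_network(f"{m[1]}/{m[2]}"), ipaddress.ip_network(f"{m[3]}/{m[4]}")))
    return pairs

def hairpin_gaps(acls, src, dst, hops):
    """List crypto ACL entries missing for src -> dst; hops are (vpn, near_site, far_site)."""
    s, d = (ipaddress.ip_network(NETS[n].replace(" ", "/")) for n in (src, dst))
    missing = []
    for vpn, near, far in hops:
        if (s, d) not in selectors(acls[(near, vpn)]):
            missing.append(f"site {near} VPN {vpn}: permit ip {src} {dst}")
        if (d, s) not in selectors(acls[(far, vpn)]):
            missing.append(f"site {far} VPN {vpn}: permit ip {dst} {src}")
    return missing

PATH = [("A", "X", "Y"), ("B", "Y", "Z")]  # X reaches Z by u-turning at site Y

if __name__ == "__main__":
    print(hairpin_gaps(BEFORE, "X", "Z", PATH))
    print(hairpin_gaps(AFTER, "X", "Z", PATH))
```

Each reported line names the tunnel end whose ACL lacks the entry, so a missing mirror at any one end shows up on its own.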
04-25-2011 07:11 AM
We tried,
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
We see the traffic in each firewall's logs. Looks like the traffic is making it around.
When we connect to the medical services from hospital A, we're successful. But no luck when we try from hospital B.
VPNs are established on outside interface for both firewalls for hospital A and hospital B. Medical services VPN is to the outside firewall of hospital B.
Medical Services is a 3rd party, we don't have access to config. We source NAT from Hospital A to Medical Services.
04-25-2011 01:13 PM
What I would suggest is to open a TAC case.
Someone would need to follow the packet and see what the problem is and what can be done. Solving it on the forums might take a bit too long.
Marcin