06-21-2012 08:48 AM
Our ASA is a 5580 running version 8.1(2) and is the L2L VPN peer for a handful of remote offices, including an L2L VPN with a vendor who will provide a service for these remote offices. I have two questions/issues:
Thanks for any help.
Jeff
06-21-2012 08:42 PM
OK, my understanding of your topology:
ASA5580 is the HUB and you have multiple SPOKES (remote offices and vendor).
Requirement:
- Remote offices to print to vendor network via ASA5580 HUB
If the above is correct, then to answer your second question:
YES, the crypto ACL needs to be exact because it needs to be a mirror image, and you would need to add the crypto ACL at all 3 sites, i.e. HUB, remote office, and vendor.
Example:
Remote office:
- access-list
- access-list nonat permit ip
Vendor:
- access-list
- access-list nonat permit ip host
HUB:
- access-list
- access-list
- same-security-traffic permit intra-interface
Hope that answers your question.
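One way to check the mirror-image requirement from the answer above before applying crypto ACLs on the hub and both spokes. This is an added example, not part of the thread: the ACL names, the 172.25.10.0/24 office subnet and the vendor host 192.0.2.10 are constructed, and only `permit ip` entries are parsed.

```python
import ipaddress

def take_net(tok):
    """Consume one ASA address spec: 'host A', 'any', or 'NET MASK'."""
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}"), tok[2:]

def parse_acl(config, name):
    """Return the set of (src, dst) networks in ACL `name`'s 'permit ip' lines."""
    entries = set()
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] != ["access-list", name]:
            continue
        rest = tok[3:] if tok[2:3] == ["extended"] else tok[2:]
        if rest[:2] != ["permit", "ip"]:
            continue
        src, rest = take_net(rest[2:])
        dst, _ = take_net(rest)
        entries.add((src, dst))
    return entries

def mirror_gaps(local, peer):
    """Entries with no exact reversed (dst, src) counterpart on the other peer."""
    flipped = {(dst, src) for src, dst in peer}
    return sorted(local ^ flipped, key=str)

def hairpin_enabled(config):
    """Spoke-to-spoke traffic enters and leaves the hub on the same interface."""
    return "same-security-traffic permit intra-interface" in [
        " ".join(l.split()) for l in config.splitlines()]

# Constructed sample configs; ACL names and addresses are hypothetical.
HUB = """\
access-list to_remote extended permit ip host 192.0.2.10 172.25.10.0 255.255.255.0
access-list to_vendor extended permit ip 172.25.10.0 255.255.255.0 host 192.0.2.10
same-security-traffic permit intra-interface
"""
REMOTE = "access-list to_hub extended permit ip 172.25.10.0 255.255.255.0 host 192.0.2.10\n"
VENDOR_OK = "access-list to_hub extended permit ip host 192.0.2.10 172.25.10.0 255.255.255.0\n"
# Vendor side summarised to a /16: overlaps, but is not an exact mirror.
VENDOR_BAD = "access-list to_hub extended permit ip host 192.0.2.10 172.25.0.0 255.255.0.0\n"

if __name__ == "__main__":
    print(mirror_gaps(parse_acl(HUB, "to_vendor"), parse_acl(VENDOR_OK, "to_hub")))
    print(mirror_gaps(parse_acl(HUB, "to_vendor"), parse_acl(VENDOR_BAD, "to_hub")))
```

An empty list means the two ends of a tunnel agree; any entry returned is a proxy identity that one side defines and the other does not.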
06-22-2012 05:25 AM
Jennifer, thanks for the reply.
Is there something I need to do on the ASA 5580 to allow an L2L VPN to see the others? If it's just access lists, that's great.
The vendor will send print jobs to the remote office printers on the 172.25.x networks, not the other way around.
Thanks for the reply.
Jeff
06-22-2012 05:27 AM
The config advised earlier under HUB is the one needed on the ASA5580.