I have installed a Cisco ASA5520 firewall using Remote Site VPN (IPsec). We have 20 branches connected with H.O using Cisco ASA 5505 as VPN client.
All branches, including mobile users (iOS, Android), are able to reach our H.O network, but branch to branch and mobile users to users can't communicate.
That means 1 branch is connected with H.O and Branch 1 can't reach or ping another branch. So kindly assist me with it.
It sounds like you need hairpin enabled. This will permit traffic to enter and leave the same interface.
Try adding this in global config mode:
same-security-traffic permit intra-interface
Thank you Micheal,
I have applied this command but could not get any response; it is still the same.
Have you added the subnets to the access lists that define VPN traffic?
remote site A - 10.1.0.0/24
remote site B - 10.2.0.0/24
head office - 10.3.0.0/24
remote site A:
access-list vpn_acl extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list vpn_acl extended permit ip 10.1.0.0 255.255.255.0 10.3.0.0 255.255.255.0
remote site B:
access-list vpn_acl extended permit ip 10.2.0.0 255.255.255.0 10.1.0.0 255.255.255.0
access-list vpn_acl extended permit ip 10.2.0.0 255.255.255.0 10.3.0.0 255.255.255.0
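An added example, not part of any post in this thread: a short Python check over the spoke ACLs from the last reply that flags branch-to-branch flows with no matching reverse entry on the other branch, and prints the mirror-image entries the head office ASA would need on each tunnel. It assumes site-to-site tunnels where the crypto ACLs on both peers must mirror each other; the hub ACL name prefix `vpn_to_site` is hypothetical.

```python
import ipaddress
import re

# Constructed input: the spoke ACLs as posted in the thread above.
SPOKE_ACLS = {
    "A": """
access-list vpn_acl extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list vpn_acl extended permit ip 10.1.0.0 255.255.255.0 10.3.0.0 255.255.255.0
""",
    "B": """
access-list vpn_acl extended permit ip 10.2.0.0 255.255.255.0 10.1.0.0 255.255.255.0
access-list vpn_acl extended permit ip 10.2.0.0 255.255.255.0 10.3.0.0 255.255.255.0
""",
}
ACE = re.compile(r"^access-list\s+\S+\s+extended\s+permit\s+ip"
                 r"\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")

def parse_acl(text):
    """Return [(src_net, dst_net)] for 'permit ip net mask net mask' entries."""
    pairs = []
    for line in text.strip().splitlines():
        m = ACE.match(line.strip())
        if not m:
            raise ValueError(f"unsupported ACL entry: {line!r}")
        src, smask, dst, dmask = m.groups()
        # ip_network() is strict: a network address with host bits set is rejected
        pairs.append((ipaddress.ip_network(f"{src}/{smask}"),
                      ipaddress.ip_network(f"{dst}/{dmask}")))
    return pairs

def hub_mirror(site, pairs, prefix="vpn_to_site"):  # prefix is hypothetical
    """Mirror a spoke's crypto ACL for the hub's tunnel to that spoke."""
    return [f"access-list {prefix}{site} extended permit ip "
            f"{d.network_address} {d.netmask} {s.network_address} {s.netmask}"
            for s, d in pairs]

def missing_return_paths(acls):
    """Spoke-to-spoke flows with no reverse entry on the destination spoke."""
    parsed = {site: set(parse_acl(text)) for site, text in acls.items()}
    # A subnet belongs to the spoke that uses it as a source.
    owner = {s: site for site, pairs in parsed.items() for s, _ in pairs}
    return [(site, str(s), str(d))
            for site, pairs in sorted(parsed.items()) for s, d in sorted(pairs)
            if d in owner and (d, s) not in parsed[owner[d]]]

if __name__ == "__main__":
    print("missing return paths:", missing_return_paths(SPOKE_ACLS))
    for site, text in SPOKE_ACLS.items():
        print("\n".join(hub_mirror(site, parse_acl(text))))
```
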