02-09-2017 12:14 AM
Hi All,
I have installed a Cisco ASA5520 Firewall using Remote Site VPN (IPsec). We have 20 branches connected with H.O. using Cisco ASA 5505 as VPN CLIENT.
All branches, including mobile users (iOS, Android), are able to reach our H.O. network, but branch to branch and mobile users to users can't communicate.
Meaning, one branch is connected with H.O., and Branch 1 can't reach or ping another branch. So kindly assist me on it.
Regards,
Imran Ali
02-09-2017 07:49 AM
Hi Imran
It sounds like you need hairpin enabled. This will permit traffic to enter and leave the same interface.
Try adding this in global config mode:
same-security-traffic permit intra-interface
02-18-2017 11:04 PM
Thank you Micheal,
I have applied this command but could not get any response; still the same.
Regards,
02-19-2017 03:34 AM
Hi Imran
Have you added the subnets to the access lists that define VPN traffic?
e.g.:
remote site A - 10.1.0.0/24
remote site B - 10.2.0.0/24
head office - 10.3.0.0/24
remote site A:
access-list vpn_acl extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list vpn_acl extended permit ip 10.1.0.0 255.255.255.0 10.3.0.0 255.255.255.0
remote site B:
access-list vpn_acl extended permit ip 10.2.0.0 255.255.255.0 10.1.0.0 255.255.255.0
access-list vpn_acl extended permit ip 10.2.0.0 255.255.255.0 10.3.0.0 255.255.255.0
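As an added illustration (not part of the thread), a small Python check that parses the ASA crypto ACL lines quoted above and reports any permit whose reverse direction (dst -> src) no other site permits, which is the mismatch that leaves one side unable to bring up or select an SA for that flow. The head-office ACL is an assumption, since the reply does not show it.

```python
import ipaddress
import re

# Constructed sample input: the two remote-site crypto ACLs quoted in the reply above.
SPOKE_ACLS = {
    "remote site A":
        "access-list vpn_acl extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0\n"
        "access-list vpn_acl extended permit ip 10.1.0.0 255.255.255.0 10.3.0.0 255.255.255.0\n",
    "remote site B":
        "access-list vpn_acl extended permit ip 10.2.0.0 255.255.255.0 10.1.0.0 255.255.255.0\n"
        "access-list vpn_acl extended permit ip 10.2.0.0 255.255.255.0 10.3.0.0 255.255.255.0\n",
}
# Assumed head-office ACL (the thread does not show it): the hub has to permit its
# own LAN towards each spoke LAN, mirroring the spokes' head-office entries.
HUB_ACL = (
    "access-list vpn_acl extended permit ip 10.3.0.0 255.255.255.0 10.1.0.0 255.255.255.0\n"
    "access-list vpn_acl extended permit ip 10.3.0.0 255.255.255.0 10.2.0.0 255.255.255.0\n"
)

ACL_RE = re.compile(r"access-list\s+\S+\s+extended\s+permit\s+ip\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")

def parse_acl(text):
    """Return the set of (src_net, dst_net) pairs from ASA 'extended permit ip' lines."""
    pairs = set()
    for line in text.splitlines():
        m = ACL_RE.match(line.strip())
        if m:
            src, smask, dst, dmask = m.groups()
            pairs.add((ipaddress.ip_network(f"{src}/{smask}"),
                       ipaddress.ip_network(f"{dst}/{dmask}")))
    return pairs

def unmirrored(acls):
    """List each permit whose reverse (dst -> src) no other site's ACL permits.

    IPsec proxy identities are expected to mirror each other on both ends, so an
    unmirrored entry is a flow for which one side will never agree on an SA.
    """
    parsed = {site: parse_acl(text) for site, text in acls.items()}
    missing = []
    for site, pairs in parsed.items():
        for src, dst in sorted(pairs, key=str):
            peers = (other for peer, other in parsed.items() if peer != site)
            if not any((dst, src) in other for other in peers):
                missing.append(f"{site}: no peer permits {dst} -> {src}")
    return missing
```

Run against only the two spoke ACLs, the check flags both head-office entries as unmatched; adding the assumed hub ACL clears the list.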