Re: VPN Site to Site Connection

rebazsalih · ‎08-27-2020

Hello

I have a VPN connection with Site B and C, I have ping between my local Subnet to Local Subnet of Both sites B and C

my question is how to allow local subnet of B to reach C?

is this possible by just allowing in Access Policy Rule?

I have attached the Image for more info

Thnaks

Rob Ingram · ‎08-27-2020

Hi,

Just to confirm you have a VPN from "My Site" to "Site B" and another VPN from "My Site" to "Site C"?

Does "Site B" and "Site C" have a VPN directly between each other or are you expecting to route traffic through "My Site" to reach the other sites?

rebazsalih · ‎08-27-2020

Hello Rob,

No, Site B and C don't have a direct VPN connection, I want to route between them via My site

and For your information I use Firepower to do the route between Site C and B

Rob Ingram · ‎08-27-2020

Ok understood.

You will need to permit traffic in the ACP, the crypto ACL includes the Site B and Site C networks and you will probably also need a NAT Exemption rule to ensure traffic between Site B and Site C is not unintentially natted, ensure the source and destination interfaces are both "outside".

HTH

balaji.bandi · ‎08-27-2020

Since we do not know the device and model - i can say possible with high level below :

- Those subnets need to be added part of Intresting traffic

- Routing

- ACL / ACP

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help