Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
761
Views
0
Helpful
4
Replies

VPN Site to Site Connection

rebazsalih
Level 1
Level 1

‎08-27-2020 05:12 AM

Hello

 

I have a VPN connection with Site B and C, I have ping between my local Subnet to Local Subnet of Both sites B and C

 

my question is how to allow local subnet of B to reach C?

 

is this possible by just allowing in Access Policy Rule?

 

I have attached the Image for more info

 

Thnaks

Labels:
Preview file
17 KB
0 Helpful
4 Replies 4

Rob Ingram
VIP
VIP

‎08-27-2020 05:18 AM

Hi,

Just to confirm you have a VPN from "My Site" to "Site B" and another VPN from "My Site" to "Site C"?

Does "Site B" and "Site C" have a VPN directly between each other or are you expecting to route traffic through "My Site" to reach the other sites?

0 Helpful

rebazsalih
Level 1
Level 1
In response to Rob Ingram

‎08-27-2020 05:26 AM

Hello Rob,

 

No, Site B and C don't have a direct VPN connection, I want to route between them via My site

 

and For your information I use Firepower to do the route between Site C and B

0 Helpful

Rob Ingram
VIP
VIP
In response to rebazsalih

‎08-27-2020 05:31 AM

Ok understood.

 

You will need to permit traffic in the ACP, the crypto ACL includes the Site B and Site C networks and you will probably also need a NAT Exemption rule to ensure traffic between Site B and Site C is not unintentially natted, ensure the source and destination interfaces are both "outside".

 

HTH

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎08-27-2020 05:20 AM

Since we do not know the device and model - i can say possible with high level below :

 

- Those subnets need to be added  part of Intresting traffic

- Routing

- ACL / ACP

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents