03-07-2017 01:45 PM - edited 03-12-2019 02:01 AM
Hi,
I have attached a hand-drawn sketch and here is the question.
Have 2 ASA 5510s in the main office. One (the main co. internet firewall, 192.168.1.0/24) has an L2L IPsec VPN tunnel with the branch office (5508) (internal 172.16.0.0/16) and no issues here.
The 2nd 5510 in the main office has a web server and some other devices which need to be connected with the branch office as well. Is there a way I can do that without having to set up another L2L tunnel? And somehow make use of all the main office network devices being in the same closet and create some kind of route?
Would appreciate suggestions.
Thanks,
Ashok
03-13-2017 03:20 PM
Hi Ashok,
Do you have the possibility to insert a layer 3 device that is not the ASA?
From your schema it seems that the two ASAs are not able to speak between themselves, so in this case the only solution is to configure a new VPN tunnel.
Otherwise you can consider creating a point-to-point link between the two ASAs, using a dedicated interface, and use it for routing the traffic from one 5510 to the other 5510.
Kind Regards
03-14-2017 09:49 AM
Hi Andrea,
Actually I did connect the two switches, which were connected to the 'internal' interfaces of both the 5510s, so had a direct link there (which is the same as suggested by your second paragraph). Then with the help of Cisco TAC, they set up the ACL and route between them using the VPN tunnel. I appreciate your taking the time and suggestion, and will mark this as the 'Correct Answer'.
Thanks,
Ashok
03-14-2017 09:59 AM
Hi,
By 'using the VPN tunnel' I meant using the already existing L2L IPsec tunnel between the 192.168.1.0/24 5510 and the 5508.
Just wanted to make sure I put it there.
Thanks
Ashok