Swedish
asked on
ASA EasyVPN Hairpinning
Hi!
I like to connect a number of asa5505 to a central asa5510 using easyvpn. There is no problem with vpn-tunnels since the local offices are connected and traffic is passing through the tunnels (internet browsing is ok).
My problem is that since the tunnels are terminated at the same interface, i can't figure out if there shall be same nat rules to permit traffic between the 2 sites.. and if it shall, how will they look?
For exempel:
firewall A has 192.168.15.0/24 as inside network and is attached to firewall C at interface 172.28.3.254
firewall B has 192.168.16.0/24 as inside network and is attached to firewall C at interface 172.28.3.254
I like to be able to ping 192.168.15.100 ( or any other adress at that net) from 192.168.16.0/24 and reverse
I have used the: "same-security-traffic permit intra-interface" command and local offices are in "network extension mode" but still no success..
Any ideas?
I like to connect a number of asa5505 to a central asa5510 using easyvpn. There is no problem with vpn-tunnels since the local offices are connected and traffic is passing through the tunnels (internet browsing is ok).
My problem is that since the tunnels are terminated at the same interface, i can't figure out if there shall be same nat rules to permit traffic between the 2 sites.. and if it shall, how will they look?
For exempel:
firewall A has 192.168.15.0/24 as inside network and is attached to firewall C at interface 172.28.3.254
firewall B has 192.168.16.0/24 as inside network and is attached to firewall C at interface 172.28.3.254
I like to be able to ping 192.168.15.100 ( or any other adress at that net) from 192.168.16.0/24 and reverse
I have used the: "same-security-traffic permit intra-interface" command and local offices are in "network extension mode" but still no success..
Any ideas?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.