ASA client VPN routing

Hi Gurus

I have various ASA firewalls (5505, 5510) globally which are linked with site-to-site VPNs. I have client VPNs for each site but want to allow users to connect to any site(s) VPN and allow traffic to all other sites.

Can anyone point me to any articles, or perhaps provide example configurations?

MikeKane commented:
If all your sites are already connected, then the VPN clients would need 1 profile for each VPN endpoint. They could connect to any endpoint and hit all other sites through the existing tunnels. Each firewall would need the VPN client group ACLs modified to allow the traffic from the clients to the other sites.
Depending on the number of sites, it may be very easy to simply create 1 tunnel from each site to each site so that traffic bound for a certain subnet would be caught by the correct crypto map, encrypted, then sent along the appropriate tunnel.
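
An added configuration sketch of the approach in the answer above, not part of the original post: it lets clients terminating on site A reach site B over the existing tunnel while permitting only the client pool, not arbitrary sources. All addresses, ACL names, the group-policy name and the crypto map name and sequence number are constructed for illustration; it assumes each site uses a distinct client pool.

```cisco
! ===== Site A ASA (clients connect here) =====
! Constructed addressing:
!   Site A LAN          10.1.0.0/24
!   Site A client pool  10.1.250.0/24
!   Site B LAN          10.2.0.0/24

! Client traffic arrives on the outside interface and must leave again
! on the same interface inside the site-to-site tunnel.
same-security-traffic permit intra-interface

! Split-tunnel list pushed to clients: the local LAN plus each remote
! site the clients are allowed to reach. List only the subnets needed.
access-list SPLIT_TUNNEL standard permit 10.1.0.0 255.255.255.0
access-list SPLIT_TUNNEL standard permit 10.2.0.0 255.255.255.0

group-policy CLIENT_GP attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL

! Crypto ACL for the existing tunnel to site B: add the client pool as
! a source so this traffic is matched by the crypto map and encrypted.
access-list S2S_TO_SITEB extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list S2S_TO_SITEB extended permit ip 10.1.250.0 255.255.255.0 10.2.0.0 255.255.255.0
crypto map outside_map 20 match address S2S_TO_SITEB

! ===== Site B ASA (far end of the tunnel) =====
! The crypto ACL must mirror site A's, otherwise the return traffic to
! the client pool is not sent down the tunnel.
access-list S2S_TO_SITEA extended permit ip 10.2.0.0 255.255.255.0 10.1.0.0 255.255.255.0
access-list S2S_TO_SITEA extended permit ip 10.2.0.0 255.255.255.0 10.1.250.0 255.255.255.0
crypto map outside_map 20 match address S2S_TO_SITEA

! On both ASAs, any existing NAT exemption for site-to-site traffic must
! also cover the client pool. The NAT syntax depends on the ASA software
! version, so it is not shown here.
```

Repeat the crypto ACL pair for every other site the clients should reach, and use `show crypto ipsec sa` on both ends to confirm a security association exists for the client pool subnet.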

jasonhamlett (Author) commented:
We already have tunnels between each site..?