Ensure that sysopt connection-permit-vpn is configured to ensure the
decrypted packets bypass any interface ACL , also ensure that the
HUBs crypto acl to each spoke permits traffic from the hubs subnet to
the spoke and traffic from another remote spoke to that spoke.
the following access-lists should be on the hub
---------------------------------
ip access-list extended ACL1
<network behind the hub> < mask> < network behind spokea
network> < mask>
<network behind spokeb> < mask> <network behind spokea network> < mask>
" match the ACL1 in the crypro map to spokea and set peer to spokea outside ip
ip access-list extended ACL2
<network behind the hub> < mask> < network behind spokeb
network> < mask>
<network behind spokea> < mask> <network behind spokeb network> < mask>
" match ACL2 in the crypro map to spokeb and set peer to spokeb outside ip
Posting your configs might help to find any potential problems faster
HTH.
On 3/18/10, Parag Hadas <Parag.Hadas_at_amdocs.com> wrote:
> Hi All,
>
> I have 3 remote sites: A, B, and C all running Cisco ASA devices with
> version
> 8.0.
> I have successfully configured a VPN tunnel between site A and B. I've also
> configured a tunnel between site B and C.
> I would like for site A to be able to get to site C THROUGH site B. I cannot
> create a direct tunnel between A and C due to circumstances.
>
> Is this possible? If so, where should I configure my routing statements?
>
> When pinged from A to C, I can see packets getting decryp at B but they
> don't
> go to tunnel to C. I have enabled same-interface-traffic intra-interface
> also.
>
> Thanks and Regards,
> Parag Hadas
>
>
> This message and the information contained herein is proprietary and
> confidential and subject to the Amdocs policy statement,
> you may review at http://www.amdocs.com/email_disclaimer.asp
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>
-- Warm Regards, Eseosa CCIE #23782 "The Christian is a person who makes it easy for others to believe in God." - Robert M. McCheyne Blogs and organic groups at http://www.ccie.netReceived on Thu Mar 18 2010 - 12:38:00 ART
This archive was generated by hypermail 2.2.0 : Thu Apr 01 2010 - 07:26:35 ART