Hello guys,
I'm trying to solve the following configuration problem:
- customer has an ASG220 as a main box with web security
- then they have 3 ASG120s as branch office units with base licenses
- the 120s are connected to the ASG220 with IPSec site-2-site tunnels via Internet
- local branch office networks have internet access through the IPSec tunnel with Web Security applied on the main ASG220 which works without problems
- services hosted at the main site are accessible from all branches without problems through the tunnels
- however, the customer requests that each branch office be able to access any other branch office's local network without having to put up dedicated site-to-site tunnels between all branches (e.g. to be able to reach any branch through the single IPSec tunnel connected to the main ASG220), so they can communicate like this:
Client(A)----[ASG120-1]===IPSec===[ASG220]===IPSec===[ASG120-2]----Client(B)
I did run out of ideas.
I can see the traffic from Client-A on the internal interface, I can see it entering the ipsec0 interface on the ASG120, then I can see it arriving through the ipsec interface at the main ASG220, and that's it... It never reaches the other ASG120 or Client-B...
I tried non-strict routing with static routes, to no avail...
Any ideas?
Thanks for any thoughts,
Zdenek
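As an added illustration (this is not code from the post, nor anything from the ASG product itself), the following Python model shows why a policy-based IPsec hub can receive a branch's packet and yet never forward it into the second branch's tunnel: every tunnel is matched by traffic selectors (a local-network/remote-network pair), and a hub whose tunnels only list hub-LAN <-> branch-LAN has no selector that covers branch1-LAN -> branch2-LAN. All addresses are constructed for the example; the function names are my own, not any vendor API.

```python
import ipaddress

# Constructed sample networks (assumptions for this example, not from the post).
HUB_LAN = ipaddress.ip_network("10.0.0.0/24")
BRANCH_LANS = {
    "branch1": ipaddress.ip_network("10.1.0.0/24"),
    "branch2": ipaddress.ip_network("10.2.0.0/24"),
    "branch3": ipaddress.ip_network("10.3.0.0/24"),
}


def hub_policies_hub_only():
    """Hub selectors as usually built: each tunnel carries hub LAN <-> that branch only.

    Returns {tunnel_name: [(local_net, remote_net), ...]}.
    """
    return {name: [(HUB_LAN, lan)] for name, lan in BRANCH_LANS.items()}


def hub_policies_branch_to_branch():
    """Hub selectors extended so each branch tunnel also carries the other branches' LANs.

    This is what lets the hub re-encrypt branch1 -> branch2 traffic into branch2's tunnel.
    """
    policies = {}
    for name, lan in BRANCH_LANS.items():
        local_nets = [HUB_LAN] + [other for n, other in BRANCH_LANS.items() if n != name]
        policies[name] = [(local_net, lan) for local_net in local_nets]
    return policies


def inbound_tunnel(policies, src, dst):
    """Tunnel whose selectors accept a decrypted packet arriving at the hub, else None."""
    for name, selectors in policies.items():
        for local_net, remote_net in selectors:
            if src in remote_net and dst in local_net:
                return name
    return None


def outbound_tunnel(policies, src, dst):
    """Tunnel into which the hub would encrypt a packet it forwards, else None."""
    for name, selectors in policies.items():
        for local_net, remote_net in selectors:
            if src in local_net and dst in remote_net:
                return name
    return None


def hub_forwarding(policies, src, dst):
    """Simulate the hub's handling of one packet: (accepting tunnel, re-encrypting tunnel).

    A destination in the hub LAN legitimately yields no outbound tunnel; a destination in
    another branch with outbound None is the symptom described in the post (dead at the hub).
    """
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    return inbound_tunnel(policies, src_ip, dst_ip), outbound_tunnel(policies, src_ip, dst_ip)


if __name__ == "__main__":
    for label, pol in (("hub-only", hub_policies_hub_only()),
                       ("branch-to-branch", hub_policies_branch_to_branch())):
        print(label, "10.1.0.5 -> 10.0.0.20:", hub_forwarding(pol, "10.1.0.5", "10.0.0.20"))
        print(label, "10.1.0.5 -> 10.2.0.7:", hub_forwarding(pol, "10.1.0.5", "10.2.0.7"))
```

With the hub-only selectors the branch-to-branch packet matches no tunnel in either direction, so the hub has nothing to hand it to and it is dropped or leaks toward the default route; with the extended selectors the same packet is accepted on branch1's tunnel and re-encrypted into branch2's. The same widening is needed on each branch unit (its tunnel must list the other branch LANs as remote networks), and a firewall rule on the hub must permit the inter-branch traffic; the model deliberately ignores routing, because with policy-based IPsec the selectors, not the routing table, decide whether a packet enters a tunnel.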