05-18-2007 11:52 AM
Hub and spoke topology with Corporate office acting as hub (192.168.1.x) and remote sites connected via frame relay, all except another network (172.16.x.x) in the Corporate building connected via 3560 switch.
From my remote VPN site (10.0.1.x) I can ping the 172.16.x.x network, but not the 192.168.1.x network. What I'm trying to do is allow traffic from the remote 10.0.1.x network (that directly connects via VPN to the 172.16.x.x network) to reach the 192.168.1.x network and vice versa.
I'm sure it's some combination of NAT/routing issue that I'm overlooking.
I'm new to PIX/ASAs in general and this is the first L2L VPN that I've set up. If someone can point me in the right direction I would appreciate it.
Thanks.
05-18-2007 12:05 PM
So it looks like this?
10.0.1.x -> L2L tunnel -> Corp. ASA -> 172.16.x.x -> 3560 -> 192.168.1.x
and you can currently communicate over the tunnel between 10.0 and 172.16? To be able to communicate between 10.0 and 192.168.1 you need to specify this as interesting traffic and add it to your crypto and NAT exemption ACLs.
Corp Site
access-list
access-list
nat (inside) 0 access-list
Remote Site
access-list
access-list
nat (inside) 0 access-list
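An added example, not part of the original reply: a Python check that each crypto ACL entry on one peer has a mirrored entry on the other and is also covered by that peer's NAT exemption ACL. The ACL names, crypto map name and subnet masks in the sample configs are assumptions; the thread gives only 10.0.1.x, 172.16.x.x and 192.168.1.x.

```python
import ipaddress
import re

# Constructed sample configs (PIX/ASA 7.x-style syntax). ACL names, the crypto
# map name and the masks are assumptions, not values from the thread.
# Here the corporate side has the 192.168.1.x entries but the remote side does not.
CORP = """\
access-list VPN_REMOTE extended permit ip 172.16.0.0 255.255.0.0 10.0.1.0 255.255.255.0
access-list VPN_REMOTE extended permit ip 192.168.1.0 255.255.255.0 10.0.1.0 255.255.255.0
access-list NONAT extended permit ip 172.16.0.0 255.255.0.0 10.0.1.0 255.255.255.0
access-list NONAT extended permit ip 192.168.1.0 255.255.255.0 10.0.1.0 255.255.255.0
nat (inside) 0 access-list NONAT
crypto map OUTSIDE_MAP 10 match address VPN_REMOTE
"""
REMOTE = """\
access-list VPN_CORP extended permit ip 10.0.1.0 255.255.255.0 172.16.0.0 255.255.0.0
access-list NONAT extended permit ip 10.0.1.0 255.255.255.0 172.16.0.0 255.255.0.0
nat (inside) 0 access-list NONAT
crypto map OUTSIDE_MAP 10 match address VPN_CORP
"""

ACE = re.compile(r"^access-list (\S+) extended permit ip (\S+) (\S+) (\S+) (\S+)$", re.M)

def pairs(config, acl):
    """Return the (source, destination) networks permitted by one ACL."""
    net = lambda addr, mask: ipaddress.ip_network(f"{addr}/{mask}")
    return {(net(s, sm), net(d, dm))
            for name, s, sm, d, dm in ACE.findall(config) if name == acl}

def acl_names(config):
    """Return the ACL names bound to the crypto map and to NAT exemption."""
    crypto = re.search(r"^crypto map \S+ \d+ match address (\S+)$", config, re.M).group(1)
    nonat = re.search(r"^nat \(inside\) 0 access-list (\S+)$", config, re.M).group(1)
    return crypto, nonat

def audit(local, peer):
    """List problems with local's tunnel ACLs, judged against the peer's crypto ACL."""
    crypto, nonat = acl_names(local)
    mine, exempt = pairs(local, crypto), pairs(local, nonat)
    theirs = {(d, s) for s, d in pairs(peer, acl_names(peer)[0])}  # peer entries, mirrored
    issues = [f"{s} -> {d}: peer has no mirrored crypto entry" for s, d in mine - theirs]
    issues += [f"{s} -> {d}: missing from NAT exemption" for s, d in mine - exempt]
    return sorted(issues)
```

Run `audit(CORP, REMOTE)` and `audit(REMOTE, CORP)`; an empty list in both directions means the two peers agree on the protected networks and neither will translate that traffic before it reaches the tunnel.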
05-18-2007 12:33 PM
Thank you. I didn't realize I needed the crypto map & ACL for the adjacent network.
All is good.