07-30-2008 06:45 AM - edited 03-11-2019 06:22 AM
I have two remote VPN subnets that need to communicate. I have my access list as
access-list No-NAT extended permit ip 172.16.140.0 255.255.255.0 172.18.3.0 255.255.255.0
however, this does not seem to do the trick. Could these VPNs be terminating on different interfaces, such as one external, one DMZ?
Thanks in advance
07-30-2008 06:53 AM
Hi,
Have you also set up an ACL allowing the traffic to this remote subnet 172.18.3.0/24?
07-30-2008 06:56 AM
I do have the ACL
access-list Internal line 40 extended permit ip 172.16.0.0 255.255.0.0 172.18.3.0 255.255.255.128 (hitcnt=0) 0x92cd7baf
Thanks
07-30-2008 06:59 AM
No hitcount... are you sure that any previous statement of this ACL doesn't deny the traffic?
Is your VPN up? IPsec or GRE?
07-30-2008 07:08 AM
Both are IPsec and both are up. The 172.16.140.0/24 subnet is our VPN client subnet to the ASA and the 172.18.3.0/24 subnet is Cisco 871s terminating to the ASA.
07-30-2008 07:22 AM
If I understand correctly, both are remote...
Have you configured split tunneling?
07-30-2008 07:32 AM
Yes, they are both remote. I have the following split-tunnel ACL:
access-list Indy-Remote_splitTunnelAcl_1 line 28 extended permit ip 172.18.0.0 255.255.0.0 172.16.140.0 255.255.255.0 (hitcnt=0) 0x5a58ce89
The main issue is I have users on the 172.18 subnet using IP Communicator trying to contact users on the 172.16 subnet also using IP Communicator. They cannot hear each other. The Call Manager server is located with the ASA, so I wouldn't think there would be enough delay to the packets to cause this issue.
Thanks again.
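An added example, not part of any post in this thread: a short Python check of how much of the 172.16.140.0/24 to 172.18.3.0/24 flow, in each direction, the three ACL entries quoted above cover by address. The function names are assumptions made for this example, and the script only compares address ranges; it does not model how the ASA applies each list.

```python
import ipaddress
import re

# ACL entries copied from the posts above (hit counters and hashes dropped).
ACL_LINES = [
    "access-list No-NAT extended permit ip 172.16.140.0 255.255.255.0 172.18.3.0 255.255.255.0",
    "access-list Internal line 40 extended permit ip 172.16.0.0 255.255.0.0 172.18.3.0 255.255.255.128",
    "access-list Indy-Remote_splitTunnelAcl_1 line 28 extended permit ip 172.18.0.0 255.255.0.0 172.16.140.0 255.255.255.0",
]

ACE_RE = re.compile(
    r"access-list\s+(?P<name>\S+)\s+(?:line\s+\d+\s+)?extended\s+permit\s+ip\s+"
    r"(?P<src>\S+)\s+(?P<smask>\S+)\s+(?P<dst>\S+)\s+(?P<dmask>\S+)"
)

def parse_ace(line):
    """Parse one 'extended permit ip <net> <mask> <net> <mask>' entry."""
    m = ACE_RE.match(line.strip())
    if m is None:
        raise ValueError(f"unsupported ACL entry: {line!r}")
    src = ipaddress.ip_network(f"{m['src']}/{m['smask']}")
    dst = ipaddress.ip_network(f"{m['dst']}/{m['dmask']}")
    return m["name"], src, dst

def match(src, dst, a, b):
    """How much of the flow a -> b the entry's src/dst pair covers."""
    if a.subnet_of(src) and b.subnet_of(dst):
        return "full"
    if a.overlaps(src) and b.overlaps(dst):
        return "partial"
    return "none"

def coverage(lines, a, b):
    """Map ACL name -> (coverage of a->b, coverage of b->a)."""
    result = {}
    for line in lines:
        name, src, dst = parse_ace(line)
        result[name] = (match(src, dst, a, b), match(src, dst, b, a))
    return result

if __name__ == "__main__":
    clients = ipaddress.ip_network("172.16.140.0/24")  # VPN client subnet
    sites = ipaddress.ip_network("172.18.3.0/24")      # Cisco 871 subnet
    for name, (fwd, rev) in coverage(ACL_LINES, clients, sites).items():
        print(f"{name:30} clients->sites: {fwd:8} sites->clients: {rev}")
```

A "partial" result means the entry's mask covers only part of one of the two subnets, so some hosts in that subnet fall outside the entry.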