VPN Tunnel on ASA with multiple vlan's

Unanswered Question
Apr 2nd, 2010
User Badges:

I'm having an issue terminating L2L vpn and I think it's due to the fact I have multiple vlan's on my asa.  We have a 3750 that has the ISP WAN interface, the ASA External and Internal NIC's attached.  We also have our Internal VLAN's on the 3750.  The clients default gateway is their vlan ip on the asa. Internet works fine.  There is also PAT for the vlan's on outbound traffic. For instance VLAN12 is PAT'ed to, etc.

The issue is, how can I create a L2L vpn since my 'Internal' NIC is no longer on my ASA.  I tried nat (vlan12) 0 access-list TEST_VPN, but my tunnel does not come up.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jennifer Halim Fri, 04/02/2010 - 15:07
User Badges:
  • Cisco Employee,

Do you also add the additional VLAN in the crypto ACL on both sites?

Federico Coto F... Fri, 04/02/2010 - 15:51
User Badges:
  • Green, 3000 points or more


The fact of having multiple VLANs on the ASA is no problem.
Did you add the VLAN into the interesting traffic as halijenn say?

When you try to establish the tunnel, do you see it trying to come up?
Do you see phase 1 getting established, then traffic being encrypted?

Let us know at which point does the tunnel fails or what do you see to try to help you out.



This Discussion