Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Remote VPN routing to other net

Hi....

 

We have a ASA5512 (version 8.6). I have set up the remote access vpn and it works great to reach our internal systems inside of the firewall.

But we also have systems/subnets that we reach over static VPN from out internal network, the static VPN is configured on another firewall than the ASA firewall, but is on the sama subnet as the ASA. I been trying to make a static route in the asa for the traffic that is aimed for the other subnet that we access through the static vpn tunnel, but I dont get it to work...any hints how to get this to work would be greatly appriaciated.... 

  • Firewalling
4 REPLIES
VIP Green

Are the RA VPN users able to

Are the RA VPN users able to ping the second firewall inside interface (assuming that ping is allowed to that interface)?

in the site2site VPN on the second firewall, is the RA VPN subnet configured as source interesting traffic that is to be encrypted to the remote site?

Is the remote site Firewall/Router configured the the RA VPN subnet as destination interesting traffic to be encrypted back to your local network?

Do both local and remote sites exempt the RA VPN subnet from being NATed (if applicable)?

--

Please remember to select a correct answer and rate helpful posts

-- Please remember to rate and select a correct answer
New Member

Hi Marius... Thanks for your

Hi Marius...

 

Thanks for your reply.

 

yes the RA VPN users can ping the second firewall inteface.

The second firewall is a Watchguard firewall and i have done this with our old vpn firewall (also wathcguard) just added the route and then it worked. I have on the site2site vpn firewall added the route for the RAVPN users network so it is routed back correctly,  but it doesnt work....

The traffic is not NATed...

VIP Green

How are you implementing the

How are you implementing the route on the ASA? (I mean the command you are using)

If you put the route in the ASA and then try to ping the remote site, do you see drop messages in the Watchguard firewall log?  Or does the firewall encrypt and pass the traffic?

--

Please remember to select a correct answer and rate helpful posts

-- Please remember to rate and select a correct answer
New Member

Hi ... I used the command:

Hi ...

 

I used the command:

 

route inside 192.168.15.0 255.255.255.0 10.1.2.2 1

Now i see that traffic gets to the watchguard FW, and it is allowed, but I think it is not routing the traffic through the vpn tunnel...will troubleshoot it, thanks for the hint.

29
Views
0
Helpful
4
Replies