I am running ASA5520 with Outside, Inside, Client and Branch interfaces.
The inside interface connects to the Server farm network (192.168.0.0) only.
The client interface connects all the clients on the LAN network (172.16.0.0) to the branches (through Branch interface) and server farm with each otehr.. all these 3 interfaces ar on same security level (100).
The branch interface connets to a Border router 3825 that has all the remote brnaches on DSl and point-to-point links connecting to it.
All branches have SOHO routers 837 and connects through DSl (Data circuit) to the 3825 router at the Head office, through a VPN tunnel. the VPN config at the head office 3825 is dynamic crypto map and the branche have static with head office ip as the peer.
The problem that i am facing is .. the vpn tunnel is initiated only when a packet destined to the inside or client network is sent...
eg when a ping for network 192.168.0.0 is run only then it allows the branches to access the server farm network.
Now to connect to the client network (172.16.0.0) i have to ping again to any host on 172.16.0.0 from the branch..
my question.. since there is only one VPN tunnel from branch to head office. then why do i need to ping from the branch to 192.168.0.0 and 172.16.0.0 both seperately ?? i dont really havea problem for the 188.8.131.52. network cause everyne at the branch connects to the servers for e mail internet etc.. but 172.16.0.0. is a problem...
Cant there be a way to auto initiate the connection to 172.16.0.0 network ..... riht now i have a script running at startup on the branches that pings 172.16.0.1 ip to initiate the tunnel..
through that tunnel one subnet(192.168.0.0) is successfully connected while the other subnet (172.16.0.0) cannot.
y ?? cause since the branch location (192.168.6.0) did not send any packet to 172.16.0.0 network.. the second this branch send the first ping packet to any machine on 172.16.0.0 subnet the link is established..
but this is a problem for me since i want this link to be established if anyone on the 172.16.0.0 subnet pings to 192.168.6.0 subnet..
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...