
Problem with Routing through GRE Tunnel over ASA5510

I have a strange problem with routing from the internal network through a GRE tunnel over an ASA5510:

The infrastructure design is as follows:

Internal Network 192.168.1.x

ASA5510 as Internet Gateway with 192.168.1.1

Cisco 2600 Router for GRE L2L VPN Tunnel with 192.168.1.3 IP

SSL VPN LAN through ASA5510 with 10.1.1.x Subnet

L2L VPN Subnet through GRE L2L VPN Tunnel with 10.1.2.x Subnet

The tunnel is up and working. I can access the 10.1.2.x L2L VPN Subnet (inside) without any issue from the SSL VPN 10.1.1.x Subnet (outside).

From the internal network 192.168.1.x (inside) I can only access the 10.1.2.x L2L VPN Subnet (inside) when I add a static routing "10.1.2.x MASK 255.255.255.0 192.168.1.3" on the local client. So if the packages go directly to the L2L VPN router it works; as soon as there is just the ASA5510 in place as the default gateway, it doesn't work.

I've already added a NAT rule for 10.1.2.x (inside) to 192.168.1.x (inside) and back, and in addition a static routing entry for the 10.1.2.x Subnet through the 192.168.1.3 gateway, but it's still not working.

From the other side of the tunnel it's the same issue: as long as there is no static routing entry on the server in the 192.168.1.x subnet, you cannot access services there (e.g. AD, DNS, WWW, ...); as soon as the entry is in place, it works.

It looks to me like the ASA doesn't handle the traffic correctly from the 192.168.1.x Subnet to the 10.1.2.x Subnet - maybe because both are "inside"?
