New Member

ASA 5510 Routing Question.

Forgive me if this gets confusing.

I have a new ASA 5510, and I have set it up for VPN use. I can VPN in via IPsec and connect to 2 of my subnets, .0 and .64 (we have 4 subnets in our range). I can ping, http(s), connect to shares, SSH, etc. I am using the ACL from our outgoing VPN box, so nothing there should be wrong. The problem I am having is getting to our lab network, which is on the .128 subnet. I can't ping, connect, http anything.

Is there some special routing I need to do in order for people who VPN in to see that subnet? (For testing purposes the ASA is behind the firewall and connected directly to .0 subnet so I know it's not the firewall and everything else on that subnet can see our lab.)

Thanks for helping out the new guy.

Shawn

1 ACCEPTED SOLUTION

Accepted Solutions

Re: ASA 5510 Routing Question.

Shawn-

Your .0 & .64 subnets are considered 'interesting traffic' (by an ACL) and they are not NAT'd and sent across the VPN tunnel. You need to add the .128 subnet to both the ACL that says no NAT and that specifies interesting traffic. If you run into any snags, post a sanitized config and we'll be able to give a more detailed answer.

HTH
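
The check described in the accepted answer, as an added example that is not part of the original thread: a small Python audit that reads a sanitized ASA config and lists the internal subnets that have no permit entry toward the VPN pool in the ACLs used for NAT exemption or split tunneling. The config is constructed; the pre-8.3 `nat (inside) 0` syntax, the /26 masks, the documentation address ranges, the pool and the names `VPN_ACL` and `REMOTE` are all assumptions.

```python
import ipaddress
import re

# Constructed, sanitized config (not from the thread): pre-8.3 ASA syntax,
# documentation address ranges, /26 masks and all names are assumptions.
SAMPLE_CONFIG = """\
access-list VPN_ACL extended permit ip 192.0.2.0 255.255.255.192 198.51.100.0 255.255.255.0
access-list VPN_ACL extended permit ip 192.0.2.64 255.255.255.192 198.51.100.0 255.255.255.0
nat (inside) 0 access-list VPN_ACL
group-policy REMOTE attributes
 split-tunnel-network-list value VPN_ACL
"""
INTERNAL = ["192.0.2.0/26", "192.0.2.64/26", "192.0.2.128/26"]  # .128 = lab
VPN_POOL = "198.51.100.0/24"

IP = r"(\d+\.\d+\.\d+\.\d+)"
ACE = re.compile(rf"^access-list (\S+) extended permit ip {IP} {IP} {IP} {IP}$")
REF = re.compile(r"^(?:nat \(\S+\) 0 access-list|split-tunnel-network-list value) (\S+)$")

def referenced_acls(config):
    """Names of ACLs used for NAT exemption or as the split-tunnel list."""
    hits = (REF.match(line.strip()) for line in config.splitlines())
    return sorted({m.group(1) for m in hits if m})

def permitted_pairs(config, acl_name):
    """(source, destination) networks of the permit-ip entries in one ACL.
    Only the 'network mask' form is parsed; 'any', 'host' and object-group
    entries are skipped, so subnets they cover are reported as missing."""
    pairs = []
    for line in config.splitlines():
        m = ACE.match(line.strip())
        if m and m.group(1) == acl_name:
            pairs.append((ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}"),
                          ipaddress.ip_network(f"{m.group(4)}/{m.group(5)}")))
    return pairs

def uncovered_subnets(config, internal, vpn_pool):
    """Per referenced ACL, the internal subnets with no entry toward the pool."""
    pool = ipaddress.ip_network(vpn_pool)
    report = {}
    for name in referenced_acls(config):
        pairs = permitted_pairs(config, name)
        report[name] = [s for s in internal if not any(
            ipaddress.ip_network(s).subnet_of(src) and pool.subnet_of(dst)
            for src, dst in pairs)]
    return report

if __name__ == "__main__":
    print(uncovered_subnets(SAMPLE_CONFIG, INTERNAL, VPN_POOL))
```

The same function works whether one ACL serves both purposes or two separate ACLs are referenced, since each referenced ACL is reported on its own.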

4 REPLIES

New Member

Re: ASA 5510 Routing Question.

I currently only have 1 ACL in place. Should I have another one?

Re: ASA 5510 Routing Question.

Cisco suggests using two, but it's common to only see one. Don't worry about creating another ACL.

New Member

Re: ASA 5510 Routing Question.

That worked like a charm.

Thank you.