Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
574
Views
0
Helpful
1
Replies

Routing remote network with ASA5505

nshoe18
Level 1
Level 1

‎12-07-2011 02:25 PM

I am working with a client who has the below setup, I know it is a little confusing.

Remote ASA -------- ASA at Home Office --------- 4506 --------- 2811 Router P2P ----------- 2811 Router P2P --------- 2960 ------- Server

So the remote ASA connects to the network at the Home Office using a L2L tunnel. All internal networks route fine that terminate at the 4506. They have a second remote site that is connected via 2 2800's as above with a leased line Metro. The clients on teh back side of that point to point need to be able to access resources behind the remote ASA. We can get pinging to work from the inside interface on the remote ASA to the server on the back side of the point to point. The issue arises that any client on the back-end of the remote ASA cannot ping or access anything on the back-end of the point to point. When we do a traceroute from the back of the remote asa the traffic all goes out the outside interface not the inside. Attached is the config from the devices, named as above (of course with IPs changed).

Is this doable or am I chasing a ghost here?

Thanks in advance!!!

Labels:
118535-4506.txt.zip
118553-Remote ASA.txt.zip
118534-Home Office ASA.txt.zip
118552-2811 P2P Remote.txt.zip
118551-2811 Router P2P.txt.zip
0 Helpful
1 Reply 1

andrew.prince
Level 10
Level 10

‎12-08-2011 06:27 AM

The RemoteASA IP network is 192.168.1.0/24

Only looking at the "Home Office" config,

1) There is no IP route for the 192.168.1.0/24

2) 192.168.1.0 appears in various ACL's

I think you have an IP overlap.

0 Helpful
Customers Also Viewed These Support Documents