The dynamic VPN between Cisco SA520 and Juniper SRX is working fine. My problem is with the Cisco SA520: I cannot pass my three subnets (i.e. 10.10.10.0/24, 10.10.254.0/24 and 192.168.99.0/24) through the SA520's IPsec VPN policies. In the Remote Traffic selection area of the VPN policy there are four options: ANY, SINGLE, RANGE and SUBNET. Choosing the ANY option I can reach my three subnets (10.10.10.0/24, 10.10.254.0/24 and 192.168.99.0/24), but this doesn't fulfill my requirement. I want to split the traffic and pass only 10.10.10.0/24, 10.10.254.0/24 and 192.168.99.0/24 through the VPN, and Internet traffic through the ADSL. Please help.
Re: How to pass multiple subnets through VPN?? SA520
On the SA 500 series, there is a way to do this by associating in your case 3 VPN Policies to the one IKE Policy created with the VPN Wizard.
After creating an initial IKE Policy and VPN Policy (choose remote subnet to 10.10.10.0) when running VPN Wizard, you need to create 2 more policies to reach the other two subnets (10.10.254.x, 192.168.92.x). On the VPN -> VPN Policies page, click Add to add a VPN Policy. Make sure to select Auto Policy for Policy Type; on the Auto Policy Parameters make sure these values match your configuration and, MOST IMPORTANT, on the Select IKE Policy make sure to select the name of the IKE Policy as created in VPN Wizard. Do this for both extra LANs you need to associate with the IKE Policy. You should then be able to only pass traffic to those three subnets.
Let me know if this works out for you, or if you need extra help.
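The effect of the layout described in the reply above (one VPN policy per remote subnet, all bound to the same IKE policy) can be checked offline with the sketch below. It is an added example, not part of the original thread and not SA500 code. The class, function and IKE policy names are hypothetical, and the subnets are the three from the question.

```python
import ipaddress
from dataclasses import dataclass

# Constructed model of the policy table; names are hypothetical, not SA500 identifiers.
@dataclass(frozen=True)
class VpnPolicy:
    name: str
    ike_policy: str   # IKE policy this VPN policy is bound to
    remote: str       # remote traffic selector: a CIDR subnet, or "ANY"

    def network(self):
        return ipaddress.ip_network("0.0.0.0/0" if self.remote == "ANY" else self.remote)

WIZARD_IKE = "wizard-ike"  # assumed name of the IKE policy made by the VPN Wizard
WANTED = ["10.10.10.0/24", "10.10.254.0/24", "192.168.99.0/24"]  # from the question

def egress(dst, policies, ike=WIZARD_IKE):
    """Return 'vpn' if dst matches a selector bound to the tunnel's IKE policy, else 'wan'."""
    addr = ipaddress.ip_address(dst)
    for p in policies:
        if p.ike_policy == ike and addr in p.network():
            return "vpn"
    return "wan"

def audit(policies, wanted=WANTED, ike=WIZARD_IKE):
    """List deviations from 'only the wanted subnets go through the tunnel'."""
    findings = []
    wanted_nets = [ipaddress.ip_network(w) for w in wanted]
    active = [p for p in policies if p.ike_policy == ike]
    for p in policies:
        if p.ike_policy != ike:
            findings.append(f"{p.name}: bound to IKE policy {p.ike_policy!r}, not {ike!r}")
    for p in active:
        if not any(p.network().subnet_of(w) for w in wanted_nets):
            findings.append(f"{p.name}: selector {p.remote} is wider than the wanted subnets")
    for w in wanted_nets:
        if not any(w.subnet_of(p.network()) for p in active):
            findings.append(f"{w}: no VPN policy covers this subnet")
    return findings

# Constructed sample tables: the ANY selector, the three-policy split, and a misbound policy.
ANY_ONLY = [VpnPolicy("p-any", WIZARD_IKE, "ANY")]
SPLIT = [VpnPolicy(f"p{i}", WIZARD_IKE, net) for i, net in enumerate(WANTED, 1)]
MISBOUND = SPLIT[:2] + [VpnPolicy("p3", "other-ike", WANTED[2])]

if __name__ == "__main__":
    for label, table in (("ANY", ANY_ONLY), ("split", SPLIT), ("misbound", MISBOUND)):
        print(label, egress("8.8.8.8", table), egress("192.168.99.5", table), audit(table))
```
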
I have a similar problem. I have an SA540 and another firewall doing a site-to-site VPN, no problem. However, I want to be able to pass traffic on the LAN subnets of the UC540s. So the SA540s are in front of the UCs, and the UC's WAN port is just doing routing and is connected to the LAN port of the SA. When I set up the VPN, I can ping both WAN ports on the UCs, but I can't ping the UC's data LAN subnet.