Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

Vpn site to site isa 570 to asa 5505 multiple local lan

Hello, i have configured a site to site vpn with a asa 5505

In the tunnel will pass the network 172.x.x.x/16 and 192.168.x.x/24 from local isa to a single lan 192.168.x.x/24 on remote asa

I have create a group network address and i put the the default_lan and the other lan in it

In the tunnell configuration i have use this group address with local lan parameter

When the tunnel was up in the routing table i view the remote lan on interface ipsec0 but also i view the local lan on  interface ipsec0  

Is this configuration n ot supported?

Thank best regards             

3 REPLIES

Vpn site to site isa 570 to asa 5505 multiple local lan

This is normal behaviour ...

Michael

Please rate all helpful posts

Michael Please rate all helpful posts
Community Member

Vpn site to site isa 570 to asa 5505 multiple local lan

Hello, thank for answer.

The problem is that tha second lan is a routing static lan.

The ip address of ISA is 172.16.10.254/16 and the default_lan is 172.16.0.0/16

The second lan is 202.1.1.0/24 and it is a staic lan on another gateway.

When the site-to-site ipsec go up in routing table i see three route on interface ipsec0:

The remote lan, the default-lan (that is also on default interface. Behaviour?) and a subnet lan 172.16.10.0/24.

If i ping from a lan pc an ip of subnet 172.16.10.0/24, i see that the arp is equal at mac-address of ISA and i have a problem on the lan. It's normal?

Best regards

Vpn site to site isa 570 to asa 5505 multiple local lan

No, then you have a typo in VLAN Config or ACL (255.255.255.0 instead of 255.255.0.0)

Michael

Please rate all helpful posts

Michael Please rate all helpful posts
474
Views
0
Helpful
3
Replies
CreatePlease to create content