New Member

Connectivity to adjacent networks from remote VPN site

Hub and spoke topology with Corporate office acting as hub (192.168.1.x) and remote sites connected via frame relay, all except another network (172.16.x.x) in the Corporate building connected via 3560 switch.

From my remote VPN site (10.0.1.x) I can ping the 172.16.x.x network, but not the 192.168.1.x network. What I'm trying to do is allow traffic from the remote 10.0.1.x network (that directly connects via VPN to the 172.16.x.x network) to reach the 192.168.1.x network and vice versa.

I'm sure it's some combination of NAT/routing issue that I'm overlooking.

I'm new to PIX/ASAs in general and this is the first L2L VPN that I've set up. If someone can point me in the right direction I would appreciate it.

Thanks.

Accepted Solutions
Green

Re: Connectivity to adjacent networks from remote VPN site

So it looks like this?

10.0.1.x -> L2L tunnel -> Corp. ASA -> 172.16.x.x -> 3560 -> 192.168.1.x

And you can currently communicate over the tunnel between 10.0 and 172.16? To be able to communicate between 10.0 and 192.168.1 you need to specify this as interesting traffic and add it to your crypto and NAT exemption ACLs.

Corp Site

access-list <crypto-acl-name> extended permit ip 192.168.1.0 255.255.255.0 10.0.1.0 255.255.255.0

access-list <nat-exemption-acl-name> extended permit ip 192.168.1.0 255.255.255.0 10.0.1.0 255.255.255.0

nat (inside) 0 access-list <nat-exemption-acl-name>

Remote Site

access-list <crypto-acl-name> extended permit ip 10.0.1.0 255.255.255.0 192.168.1.0 255.255.255.0

access-list <nat-exemption-acl-name> extended permit ip 10.0.1.0 255.255.255.0 192.168.1.0 255.255.255.0

nat (inside) 0 access-list <nat-exemption-acl-name>
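
An added example, not part of the original reply: a small offline check that the crypto ACLs on both ASAs mirror each other and that every crypto ACL entry also has a NAT exemption, which is the condition the reply describes. The ACL names `VPN_CRYPTO` and `NONAT`, the 172.16.0.0/16 mask, and both sample configs are constructed assumptions; the remote sample deliberately omits the 192.168.1.0/24 crypto entry.

```python
import ipaddress
import re

# Constructed configs. ACL names VPN_CRYPTO/NONAT and the 172.16.0.0/16 mask are assumptions.
CORP = """\
access-list VPN_CRYPTO extended permit ip 172.16.0.0 255.255.0.0 10.0.1.0 255.255.255.0
access-list VPN_CRYPTO extended permit ip 192.168.1.0 255.255.255.0 10.0.1.0 255.255.255.0
access-list NONAT extended permit ip 172.16.0.0 255.255.0.0 10.0.1.0 255.255.255.0
access-list NONAT extended permit ip 192.168.1.0 255.255.255.0 10.0.1.0 255.255.255.0
nat (inside) 0 access-list NONAT
"""
REMOTE = """\
access-list VPN_CRYPTO extended permit ip 10.0.1.0 255.255.255.0 172.16.0.0 255.255.0.0
access-list NONAT extended permit ip 10.0.1.0 255.255.255.0 172.16.0.0 255.255.0.0
access-list NONAT extended permit ip 10.0.1.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (inside) 0 access-list NONAT
"""
# Handles only "permit ip <net> <mask> <net> <mask>"; host/any/object-group are out of scope.
ACE = re.compile(r"access-list (\S+) extended permit ip (\S+) (\S+) (\S+) (\S+)$")
NAT0 = re.compile(r"nat \(\S+\) 0 access-list (\S+)$")

def parse(config):
    """Return ({acl_name: {(src_net, dst_net)}}, {ACL names bound to nat 0})."""
    acls, nat0 = {}, set()
    for line in map(str.strip, config.splitlines()):
        if m := ACE.match(line):
            name, src, smask, dst, dmask = m.groups()
            pair = (ipaddress.ip_network(f"{src}/{smask}"),
                    ipaddress.ip_network(f"{dst}/{dmask}"))
            acls.setdefault(name, set()).add(pair)
        elif m := NAT0.match(line):
            nat0.add(m.group(1))
    return acls, nat0

def audit(corp_cfg, remote_cfg, crypto="VPN_CRYPTO"):
    """Report crypto ACL entries with no mirror on the peer or no local NAT exemption."""
    sites = {"corp": parse(corp_cfg), "remote": parse(remote_cfg)}
    findings = []
    for site, peer in (("corp", "remote"), ("remote", "corp")):
        acls, nat0 = sites[site]
        peer_crypto = sites[peer][0].get(crypto, set())
        exempt = set().union(*(acls.get(n, set()) for n in nat0))
        for src, dst in sorted(acls.get(crypto, set())):
            if (dst, src) not in peer_crypto:
                findings.append(f"{peer}: crypto ACL lacks mirror of {src} -> {dst}")
            if not any(src.subnet_of(s) and dst.subnet_of(d) for s, d in exempt):
                findings.append(f"{site}: no NAT exemption for {src} -> {dst}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(CORP, REMOTE)) or "crypto and NAT exemption ACLs are consistent")
```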

2 REPLIES
New Member

Re: Connectivity to adjacent networks from remote VPN site

Thank you. I didn't realize I needed the crypto map & ACL for the adjacent network.

All is good.
