Issues routing internal RA VPN network on ASA5505 across IPSec Tunnels
I am creating a VPN network of 7 ASA5505s. One device is the central or hub device (Attachment Main5505).
All ASA5505 devices running ver 7.2(4)
There will be site to site tunnels to 6 other 5505s across the internet.
Currently there are 4 of the 6 tunnels migrated over and working fine in this basic scenario.
The local networks for the main 5505 are:
10.64.50.0 /24 and
I have included the config of one of the remote ASA5505. (Remote5505)
This remote site has internal networks:
Currently traffic can be passed between 10.64.50 and 10.64.51 nets to the remote 172.16.76 - 79 nets across the site to site IPSec tunnel. No issues there.
I have also created a RA VPN access in the same main 5505.
RA VPN users get addressed as 10.64.53.X /24
I get connected to RA VPN and get the 10.64.53.X address. I can also see and get to other 10.64.50 and 10.64.51 devices that reside at the main site. Local networks of the ASA that the RA VPN net resides on are OK.
My main issue is getting the RA VPN net of 10.64.53.0 /24 (that is defined locally on the 5505) to route across the site to site tunnels in the same way that 10.64.50 and 10.64.51 do.
I cannot get from 10.64.53.X net to 172.16.76.X net, when 10.64.50 and 10.64.51 are OK. Since the 10.64.53 RA net resides on the ASA, it should not have to go anywhere else but the ASA itself to route across the tunnels. Essentially it needs to route back out the interface it came in on. Is this possible? If so, what statements are needed?
Both configs are included. The main site gets very long, but most is just cookie cutter statements for all 6 remote sites.
Can anyone offer any suggestions? When looking at the main VPN system options in the GUI, I have the check box checked for: Enable inbound IPSec sessions to bypass internal acls.