Need help on setting up site-to-site VPN with vlans
I need some help setting up my first site-to-site VPN on a Cisco ASA 5525x. I've never had any trouble setting up remote access VPNs for users, but on this, I'm really stuck.
The actual tunnel itself is set up, but I'm having trouble passing traffic through it. The Rx bytes go up with pings from the remote end, but the Tx bytes never move (and the pings all fail).
Are there any sample configurations that involve a separate vlan for the remote users?
For example, the remote users are 172.17.0.0/20, and this subnet is set up at the central site as vlan 94. The ASA5525x is set up with ip address 10.99.16.10, vlan 99, connected by a trunk port to a 6509 central switch.
I've got configurations on both the ASA5525x and the 6509 side, but I'm not sure of what I have so far... Any help will be greatly appreciated!
Below are the config excerpts for the ASA and for the 6509. I believe the remote side must have some sort of NAT, but that side is not under control, so I'm not sure how it's set up exactly. They NAT translate the remote side PCs to the 172.17.0.0/20 range.
interface Vlan994
 description APN users
 ip address 172.17.0.1 255.255.240.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no ip mroute-cache