Site to Site VPN between ASA5505 and PIX515E (one-to-multiple ip segment)
I have a problem when configuring site-to-site between the ASA 5505 (with Security Base license) and PIX 515E (UR license).
The network should be something like:
Remote site network(10.2.3.0)<-->ASA5505<-->Internet<-->PIX515E<-->Local segment (192.168.10.0)
<-->Layer3 switch<--> other 3 segment (192.168.2x.0)
I tried to create an L2L VPN between the ASA 5505 and PIX515E. The ASA 5505 local segment (10.2.3.0) and the PIX515E local segment (192.168.10.0) can talk to each other successfully (tried ping, VNC, remote desktop), but I fail to connect to the segment which is behind the PIX515E's layer 3 switch. The PIX already had routing for the segment behind the L3 switch, and the L3 switch's default gateway was pointed to the PIX515E. And I already added the reverse routing in the ASA5505. I am not sure why the ASA local segment fails to communicate with the segment behind the L3 switch. Here is the partial configuration for the ASA and PIX:
ASA 5505 configuration:
access-list no-nat extended permit ip 10.2.3.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list no-nat extended permit ip 10.2.3.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list vpn extended permit ip 10.2.3.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list vpn extended permit ip 10.2.3.0 255.255.255.0 192.168.20.0 255.255.255.0
Re: Site to Site VPN between ASA5505 and PIX515E (one-to-multipl
Routing is a critical part of almost every IPsec VPN deployment. Be certain that your encryption devices such as Routers and PIX or ASA Security Appliances have the proper routing information to send traffic over your VPN tunnel. Moreover, if other routers exist behind your gateway device, be sure that those routers know how to reach the tunnel and what networks are on the other side. In a LAN-to-LAN configuration, it is important for each endpoint to have a route or routes to the networks for which it is supposed to encrypt traffic.
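A companion check for this thread, added here as an example and not taken from either poster: it parses the `vpn` and `no-nat` access lists and reports remote segments that one endpoint encrypts but the peer does not mirror in its crypto or NAT-exemption ACL. The ASA lines are the ones posted above; the PIX lines are assumed for illustration, since the PIX configuration is not shown in the thread.

```python
import ipaddress

# Constructed sample: the four ASA lines are from the post; the PIX lines are
# assumed for illustration (the post does not show the PIX configuration).
ASA_CONFIG = """\
access-list no-nat extended permit ip 10.2.3.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list no-nat extended permit ip 10.2.3.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list vpn extended permit ip 10.2.3.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list vpn extended permit ip 10.2.3.0 255.255.255.0 192.168.20.0 255.255.255.0
"""
PIX_CONFIG = """\
access-list vpn extended permit ip 192.168.10.0 255.255.255.0 10.2.3.0 255.255.255.0
access-list no-nat extended permit ip 192.168.10.0 255.255.255.0 10.2.3.0 255.255.255.0
"""

def acl_pairs(config, name):
    """Return the set of (source, destination) networks permitted by ACL `name`."""
    pairs = set()
    for line in config.splitlines():
        f = line.split()
        # Only the 'permit ip <net> <mask> <net> <mask>' form is handled here.
        if len(f) == 9 and f[:5] == ["access-list", name, "extended", "permit", "ip"]:
            src = ipaddress.ip_network(f"{f[5]}/{f[6]}")
            dst = ipaddress.ip_network(f"{f[7]}/{f[8]}")
            pairs.add((src, dst))
    return pairs

def audit(local_cfg, peer_cfg, crypto="vpn", nonat="no-nat"):
    """Compare one endpoint's ACLs with the peer's and list mismatches."""
    local_crypto = acl_pairs(local_cfg, crypto)
    # The peer's view of the same traffic has source and destination swapped.
    mirrored = {(dst, src) for src, dst in local_crypto}
    return {
        # Pairs the local side encrypts that the peer's crypto ACL does not mirror.
        "missing_on_peer_crypto": sorted(mirrored - acl_pairs(peer_cfg, crypto)),
        # Same pairs, checked against the peer's NAT-exemption ACL.
        "missing_on_peer_nonat": sorted(mirrored - acl_pairs(peer_cfg, nonat)),
        # Local pairs that are encrypted but not exempted from NAT.
        "missing_on_local_nonat": sorted(local_crypto - acl_pairs(local_cfg, nonat)),
    }

if __name__ == "__main__":
    for check, pairs in audit(ASA_CONFIG, PIX_CONFIG).items():
        for src, dst in pairs:
            print(f"{check}: {src} -> {dst}")
```

The check covers ACL symmetry only; routes on the gateways and on the L3 switch still have to be verified on the devices themselves.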