Cisco Support Community

Tunnel traffic to a subnet

We have a site-to-site VPN tunnel that works fine connecting the remote site 192.168.100.x/24 to ours 10.27.x.x/16. We have however added a subnet on our end, 172.16.100.x/24, with some servers on it. We would like to tunnel traffic from the remote site to that subnet as well. Behind the ASA (that terminates the tunnel on our end) we also have a router that knows about the different subnets and how to deliver traffic to 172.16.100.x/24 in particular. The router is the default gateway for all devices on our LAN and its gateway in turn is the inside interface of the ASA.

ASA <---> Router<---> Main LAN (10.27.x.x/16)
                  |
                  |
            172.16.100.x/24

My question basically is how to approach this and tunnel traffic from the remote site to that new subnet.

My assumptions are that I would have to:

1. Define traffic originating from the remote site - 192.168.100.x to 172.16.100.x as "interesting" on the remote site's router so it gets tunneled.

2. Define a static route on the ASA telling it that traffic to 172.16.100.x should go through our router...or

3. Define a "Tunneled (Default tunnel gateway for VPN traffic)" as our router...

Would appreciate your input on this. Thank you!

Accepted Solutions

Tunnel traffic to a subnet

You've got it. Just define your interesting traffic on both sides, and make sure that the main ASA has a route to the new subnet. Depending on your setup you may also need to add an entry to the no-NAT rules on both ASAs for this new traffic.

HTH,

Paul
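
The three pieces from the answer above, written out as configuration for the main-site ASA. This is an added example, not configuration posted by anyone in the thread. Assumed: ASA software 8.3 or later (object-based NAT syntax), interfaces named inside and outside, the hypothetical ACL name S2S-CRYPTO standing in for whatever ACL the existing crypto map already matches, hypothetical object names, and the placeholder <ROUTER-IP> for the LAN router's address.

```cisco
! Added example, not from the thread. Names and <ROUTER-IP> are assumptions.

! 1. Interesting traffic: add the new subnet to the ACL the existing
!    crypto map already references (S2S-CRYPTO is a hypothetical name).
access-list S2S-CRYPTO extended permit ip 172.16.100.0 255.255.255.0 192.168.100.0 255.255.255.0

! 2. Route: the ASA reaches 172.16.100.0/24 through the LAN router.
route inside 172.16.100.0 255.255.255.0 <ROUTER-IP>

! 3. NAT exemption (no-NAT) so tunneled traffic keeps its real addresses.
object network NEW-SERVERS
 subnet 172.16.100.0 255.255.255.0
object network REMOTE-SITE
 subnet 192.168.100.0 255.255.255.0
nat (inside,outside) source static NEW-SERVERS NEW-SERVERS destination static REMOTE-SITE REMOTE-SITE no-proxy-arp route-lookup

! Remote end: the mirror-image entry, source and destination swapped.
! Shown in ASA syntax; the remote device's own syntax applies.
access-list S2S-CRYPTO extended permit ip 192.168.100.0 255.255.255.0 172.16.100.0 255.255.255.0

! Check on the main ASA once hosts on each side have sent traffic:
!   show crypto ipsec sa
! Expect an SA whose local/remote idents are 172.16.100.0 and
! 192.168.100.0, with the encaps and decaps counters both increasing.
```

If encaps rises but decaps stays at zero, the usual causes are a missing mirror entry or a missing NAT exemption on the far end.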

Tunnel traffic to a subnet

Paul,

Worked great. Thanks for the no-NAT reminder!
