URGENT: issue wth Multiple site-to-site VPN + internet
I have a very urgent request.
I am working on site-to-site VPN between HQ & site 1 and HQ & site 2. (And I am not an expert in ASA)
I was able to establish the 2 tunnels (they appear in the monitoring tab), however:
- I can only ping from HQ to site 1.
- I cannot ping from site 1 to HQ.
- I cannot ping from HQ to site 2.
- I cannot ping from site 2 to HQ.
- I don't have internet connectivity in HQ.
So what I need is complete connectivity between the 2 sites and HQ and mainiting the internet connectivity at HQ (and each of the sites, as they will have their seperate internet connections once deployed).
N.B,: All ASAs are currently in the same site and they will be shipped to the their destinations later.
I think that the NAT is the cause of the problem, however when I tried to conigure the NAT, it didn't work out.
In the HQ site, I have 12-14 VLANs.
In the sites 1 & 2, I have 6 VLANs, with the inter-VLAN routing taking place at the Ethernet 0/1 of the ASA. (intervlan routing restrictions not added yet).
HQ ip range: 172.16.59.x and 172.16.60.x (255.255.255.224)
Site 1 range: 172.16.72.x (255.255.255.224)
Site 2 range: 172.16.92.x (255.255.255.224)
You may find attached the configuration of the 3 ASAs.
In the monitoring tab in HQ it shows that:
- Tunnel to site 1: TX 0 RX 230000
- Tunnel to site 2: TX 230000 RX 975
All the configuration (except the interVLANs config of site 1 and 2) was done by graphical interface. VPN tunnels were created using the wizard.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :