I am experencing an issue where some of the devices at a remote site have a different default gateway other then the firewall (at the remote site). This prevents pings from the local network to those remote site devices. Does anyone have any suggestions for changes to the remote firewall that could resolve this issue?
The changes don't have to be done on the VPN-firewall. There are two simple ways (and one better but more complex way) to solve that:
1) On the DG of the remote site, add a dedicated route to your local network pointing to the LAN-address of the remote firewall. 2) Add static routes on the end-devices that have a default-gateway that is not the ASA.
3) Connect your users to a L3-switch. There you have transfer-links to the original DG and the firewall. Now the L3-switch hanldes all routing (dedicated route to the VPN-gateway and default-route to the the actual gateway.
And for completeness (but worst way to do that) also a configuration that is done on the firewall: NAT the traffic that leaves the VPN to a local LAN address on the remote site. With that the remote PCs see all VPN traffic as local and don't use the DG.
The needed configuration would be highly dependent on your ASA-version, the config you are running and what exactly you want to achieve. Perhaps it's best to open a new thread for that if you can't fix it by other solutions.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :