Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN Tunnel on ASA with multiple vlan's

I'm having an issue terminating L2L vpn and I think it's due to the fact I have multiple vlan's on my asa.  We have a 3750 that has the ISP WAN interface, the ASA External and Internal NIC's attached.  We also have our Internal VLAN's on the 3750.  The clients default gateway is their vlan ip on the asa. Internet works fine.  There is also PAT for the vlan's on outbound traffic. For instance VLAN12 is PAT'ed to, etc.

The issue is, how can I create a L2L vpn since my 'Internal' NIC is no longer on my ASA.  I tried nat (vlan12) 0 access-list TEST_VPN, but my tunnel does not come up.

Cisco Employee

Re: VPN Tunnel on ASA with multiple vlan's

Do you also add the additional VLAN in the crypto ACL on both sites?

Re: VPN Tunnel on ASA with multiple vlan's


The fact of having multiple VLANs on the ASA is no problem.
Did you add the VLAN into the interesting traffic as halijenn say?

When you try to establish the tunnel, do you see it trying to come up?
Do you see phase 1 getting established, then traffic being encrypted?

Let us know at which point does the tunnel fails or what do you see to try to help you out.