Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Connection VPN

Dear All,

Could you tell me!!!

I have ASA 5510 and two Pix 515 and i also connect VPN. On the ASA on Port E0/0 connect to ISP1 and E0/1 connect to Lan and Port E0/2 connect to ISP2.So The VPN connect to ISP1 to site A is OK but The ISP 2 connect to Site B it doesn't work.

Do you have advice for me ? and Do you have any document for tell one ASA one port connect to one site and other port connect to other site.

Please see in the attach file..

1 ACCEPTED SOLUTION

Accepted Solutions
Community Member

Re: Connection VPN

hi rechard

What is the destination addresses for the second tunnel. as per the configuration i think it might be 192.168.2.0 series.

If it is 192.168.2.0 series then add the follow route.

route online 192.168.2.0 255.255.255.0 10.10.10.10

I think firewall is taking the outside interface path when you are establishing the second tunnel.

4 REPLIES
Community Member

Re: Connection VPN

route outside 0.0.0.0 0.0.0.0 10.10.10.10

I think this route should be route online 0.0.0.0 0.0.0.0 10.10.10.10.

And everything seems to be fine.

Rate the helpful posts.

Community Member

Re: Connection VPN

Dear Sir and All,

i'm glad to hear from you!!!:)

i changed the route already but it still the problem...Do you have any command for advice?

i chenged like below:

route online 0.0.0.0 0.0.0.0 10.10.10.10

I worry about this problem because my branch nearly open soon so it stil doesn't work.

Could you help me to solve this issue?

Best Regards,

Rechard

Community Member

Re: Connection VPN

hi rechard

What is the destination addresses for the second tunnel. as per the configuration i think it might be 192.168.2.0 series.

If it is 192.168.2.0 series then add the follow route.

route online 192.168.2.0 255.255.255.0 10.10.10.10

I think firewall is taking the outside interface path when you are establishing the second tunnel.

Community Member

Re: Connection VPN

Dear Sir,

Yes, you correct the IP:192.168.2.0 is second tunnel( link to interface name online)

OK, i will be add this command route online 192.168.2.0 255.255.255.0 10.10.10.10 on ASA ( in HQ) and will be let you know.

Best Regards,

Rechard

105
Views
0
Helpful
4
Replies
CreatePlease to create content