Is the traffic going over the

ddhond123 · ‎06-09-2014

My requirement is for the public ip address for my VPN traffic to be different than the rest of my internet traffic. So I configured an ASA 5505 as a VPN device with outside interface with public ip address and inside interface 192.168.1.5. I configured another ASA5505 as default gateway 192.168.1.1 and a public ip address for Outside interface. I have a route on the default gateway (192.168.1.1) which states for 10.0.0.0/24 use 192.168.1.5. For some reason, this configuration does not work. Both routers can ping each other. Any ping to 10.0.0.X gets timed out. PLease explain why this config would not work and please suggest alternatives. THanks

jbeltrame · ‎06-09-2014

What is the SRC and DST of the failed pings? Also, where does the 10.0.0.0/24 reside?

Thanks,

Jason

ddhond123 · ‎06-09-2014

10.0.0.0/24 is a network off a site-to-site vpn. SRC is any host on the LAN 192.168.1.x and DST is and host on 10.0.0.0/24. The thought was that traffic to 10.0.0.0 network would go to default gateway (192.18.1.1) and then based on the static route would get redirected to 192.168.1.5.

jbeltrame · ‎06-09-2014

Is the traffic going over the VPN ? And if so, do you see encap and decap in the sh IPSec sa? Also, Is there a routes in place for the return traffic to follow a similiar path?

jbeltrame · ‎06-09-2014

Is the traffic going over the VPN ? And if so, do you see encap and decap in the sh IPSec sa?

jbeltrame · ‎07-10-2014

Just checking to see if the problem has been resolved?

Routing with ASA 5505: