Cisco VPN :: ASA5520 / Route Subnet Behind Site To Site To Reach Each Other

Jan 14, 2012

I have some VPN site to site ( site B and site C connect to site A ). This subnet 10.0.56.0/28 is behind site B. Another subnet 10.0.56.16/28 is behind site C. I would like to route this 10.0.56.0/28 to reach the subnet 10.0.56.16/28. Is there any possibility to do this on ASA5520 (site A)?

View 3 Replies


ADVERTISEMENT

Cisco VPN :: Route Another Subnet Traffic Via Site To Site VPN On ASA 5500

May 7, 2012

I have a functioning site-to-site VPN between two ASA 5505 appiances. Sub-net on one side is 192.168.20.0/24 (inside I/F) and on the other side is 192.168.30.0/24 (inside I/F). VPN is built over public Internet (outside I/Fs of those two ASAs).
 
Now I connected another subnet on 192.168.30.0/24 - e.g. 192.168.35.0/24. Traffic from 192.168.30.0 subnet is routed to 192.168.35.0 via Gateway at 192.168.30.250 IP.
 
My task is to make packets from 192.168.20.0 subnet to go to 192.168.35.0 subnet and vice versa.
 
I setup a static route on 20.0 ASA's Inside interface as 192.168.35.0 255.255.255.0 to 192.168.30.250. I also created NAT examptions for outbound packets from 20.0 to 35.0 and inbound as well. I also added destination network of 35.0 to VPN cryptomap traffic selection (on both ASAs).

View 2 Replies View Related

Cisco VPN :: ASA 5505 - Users Aren't Able To Reach Remote Network Through Site-to-site Tunnel

May 21, 2011

Remote-access users aren't able to reach our remote network through a site-to-site VPN tunnel between two ASA 5505's.
 
I've seen several threads about that here, I've run through the walkthrough at [URL] I've taken a stab at setting split tunnelling and nat exemption, but it seems I'm still missing something. Remote-access users can reach the main site, but not the remote site.
 
Remote-access (vpn-houston) uses 192.168.69.0/24.
The main site (houston) uses 10.0.0.0/24
The remote site (lugoff) uses 10.0.1.0/24

View 5 Replies View Related

Cisco VPN :: ASA5520 - Access-list For Site-to-Site IPSEC Tunnel

Dec 1, 2011

How can I NAT the same set of four hosts and give them access to two different networks across an IPSEC site-to-site VPN tunnel?  I'm using an ASA5520 running 8.04.
 
I have four hosts say: 10.240.1.1-10.240.1.4
 
They need access to two different networks:

205.100.150.0
140.175.200.0
 
I woud like to NAT them as something like:

7.5.210.1
7.5.210.2
7.5.210.3
7.5.210.4 

View 1 Replies View Related

Cisco VPN :: ASA 5510 - Remote Subnet Group To Access Other Site-site VPN?

Feb 14, 2011

I have a cisco ASA 5510 at the branch here. It terminates about 8 vpn tunnels and also it supports remote access clients. I just have a quick question. Can my remote sub-net group access the other remote access site-site VPN subnet group. If yes then how should i configure it.

View 6 Replies View Related

Cisco VPN :: Site To Site IPSEc Tunnel Between ASA5520 And IPSO

Aug 10, 2011

I cannot get it to work : if interesting traffic comes ffrom the IPSO side, the box would not even try to set up the tunnel. and If it comes fomr the ASA side, the box attempts to do so but it with this strange message : AM_WAIT_MSG2

View 3 Replies View Related

Cisco VPN :: ASA5520 Changing VPN GW In Site-site VPN Tunnel

Jun 14, 2012

I have a site-site VPN tunnel between my location and my remote office. My remote office is changing their ISP, so the VPN GW is getting changed. do i need to create new site-site tunnel again or changing the remote peer VPN GW in my FW is enough? FYI, i have cisco ASA5520 and my remote office has check point UTM-1 edge box.

View 1 Replies View Related

Cisco Firewall :: ASA5520 - Dual Site To Site VPN

Mar 6, 2013

I done some searching and can't come up with a definative answer any where so I'm going to ask the experts.
 
We have an ASA 5520 in our home office, connected to the Internet via IPV4 and IPV6 and it's all working great, we fully support IPV4 and IPV6 to all home office workstations and servers.  We have a branch office connected back to our home office via a IPV4 site to site VPN with IPV4 connectivity thru the Internet.  The branch office is using an ASA5505 and only has IPv4 connectivity to the Internet.
 
We would like to setup the site to site VPN so that it supports both IPV4 and IPV6 traffic, essentially giving our branch office IPV6 connectivity to the Internet (though us) and to our IPV6 services.  Most of our home office network is fully IPV6 but some older services remain IPV4 only.  I know that  the ASA5505 will give us either a IPV4 to IPV4 over IPv4 connection, we are currently using that, and it will give IPV6 to IPV6 over IPV4. But can it be configured to give both IPV4 and IPV6 to IPV4 and IPV6 over IPV4 connectivity?

View 1 Replies View Related

Cisco VPN :: ASA5520 - How To NAT Inbound Traffic From Site To Site VPN

Oct 31, 2011

I have an ASA5520 and need to set up multiple VPN's to some vendor sites. All these vendors are using 192.168.1.0 networks. All have public IP's and very little knowledge so are unable to NAT from their end.The idea is to create some /28 blocks of IP's (172.29.0.0/28) and manage this on our end.
 
How do I get this to work?  
 
example: (all IP's are fictional)
 tunnel1 
VPN
My side "outside" 10.10.10.10
Their side "outside" 20.20.20.20
 Networks
My side "inside" 172.30.30.0
Their side "inside" 192.168.1.0 NAT'ed to 172.29.0.0/28

[code]....

View 3 Replies View Related

Cisco VPN :: 5540 Site To Site VPN With Overlapped Subnet

Sep 23, 2012

I have to set up site to site VPN with overlapped network ASA 5540 and checkpoint   what is the best parctice to achive tis goal.

View 4 Replies View Related

Cisco VPN :: ASA 5505 - Site To Site Tunnel With Same Subnet

Feb 4, 2013

I have ran into this problem in the past but clearly I usually change one of the remote host sub net ranges to something other than main site. Now I am in a situation that I just have to configure it this way. I just need some insight before implementation.
 
Inside (10.10.10.x/24) ASA5505 outside (97.65.x.x) ßà (97.664.x.x) outside ASA5505 (10.10.10.x/24) 
 
Trying to create a site to site tunnel between each location with same sub net. I have found a lot of information about setting up this configuration with 8.3 and later but nothing for the image 8.4 and image 9.1(1) as everyone knows the ACL's and NAT statements are written differently now.

View 5 Replies View Related

Cisco VPN :: 5505 - Site To Site ASA / One Subnet Only Working 1 Way

Nov 23, 2011

I have a 5505 connected to 5510 via a site to site VPN, the vpn has 5 subnets on the acl list at both ends, but 2 of the subnets are assigned for remote access on the main 5510, which means the flow of traffic on these 2 subnets are main to remote, but the VPN only works if the traffic starts from remote to main.
 
both sides are set to bidirectional and I'm not sure if this is the case for all 5 subnets has remote site always sends data to the other 3 subnets first.

View 7 Replies View Related

Cisco Firewall :: ASA 5505 Site To Site VPN Route From Multiple LANs?

Dec 19, 2012

I've set up a standard site-to-site VPN between 2 ASA 5505s and the VPN is working fine for traffic between these ASAs and computers which are in the same LANs.but when I'm trying to connect to computers which are in another VLAN I have a problem.

View 1 Replies View Related

Cisco VPN :: Site-to-site Vpn With Failover ASA5520

Sep 25, 2011

One local site where i have one ASA5520 . I have to create a site to site vpn with the remote site1 and site 2.vpn with site1 is primary and other is backup. local address on ASA is 192.168.10.10 and on the remote site1 and site2 is 10.10.10.1.I have to make sure that if vpn with the site1 is active then the routing for 10.10.10.1 should be towards vpn to site1. and if it goes down then failover to vpn2 to site 2.In case if the vpn1 to site1 comes up, the traffic should shift to VPN1 to site1.Access is from ASA5520 end client to the remote server.

View 7 Replies View Related

Cisco VPN :: ASA5520 - Site-to-site VPN With ISP Failover

Apr 15, 2013

I am using the Cisco ASA 5520 with Software Version 8.2(3).  I have several site-to-site VPN connections and two separate ISP connections.  I have set up the SLA tracker for the dual ISP so that if one fails the other one takes over.  But I don't know how to do the same for the site-to-site IPSec VPN tunnels.  I have read a few discussions on the Cisco Support Community but I am really confused about what to do.  I have two outside interfaces:  outside and WAN2.  I understand you can only apply the crypto to one interface so how would I make the change to allow the VPN to failover when the primary ISP were to fail?
 
Here is my configuration for the cryptos and SLA tracker:
 
crypto map outside_map 10 match address ACL_VPN_1
crypto map outside_map 10 set pfs
crypto map outside_map 10 set peer x.x.x.x x x.x.x.x
crypto map outside_map 10 set transform-set NAME_SET
crypto map outside_map 10 set security-association lifetime seconds 28800
crypto map outside_map 10 set security-association lifetime kilobytes 4608000(code)

View 3 Replies View Related

Cisco WAN :: ASA 5512 Route Internet Via Site To Site VPN Interface

Jan 16, 2013

How to route my internet traffice through the same interface where I have my site to site vpn configuried on.1) I'm using a ASA 5512 2) configuried a site to site VPN on g0/0 interface ( leased line with internet connect to the FW) 3) have a global IP assinged to the g0/0 ( site to site vpn established between two countries using global IP address at both ends ) ,4) security level 0 for g0/0 ,  LAN users inside( g0/1) security level 100 ,What i want to know is, how can i configure my LAN users to access internet via the g0/0 interface using the same global ip address assigned to it. not to route the internet through VPN,but i want to route it to my local ISP.

View 0 Replies View Related

Cisco VPN :: Reverse Route Injection On ASA5510 Site-to-site

Jul 29, 2011

We have two ASA5510's connected to two different ISP's and both able to initiate a site-site IPsec connection to a remote site. Depending on the state of the ISP's either ASA may initiate this VPN.We use Reverse Route Injection into OSPF for VPN clients and it works fine with the route being distributed when a client connects and disappearing when there are no clients.So we thought we'd try it for our site-site VPN's. Unfortunately when we enable Reverse Route Injection the routes are distributed regardless of whether the VPN is up or not, so if one ASA has initiated a VPN it's reverse route is distributed (which is what we want) but the other ASA also distributes a route for it's non-existent VPN. The result is that our gateway routers see two OSPF routes and can't ascertain which route is actually up.
 
Is there any way to distribute the route using Reverse Route Injection (or any other method) only when a site-site VPN is actually up? For various reasons we can't use BGP or other gateway routing protocols.Our ASA5510 are currently running IOS 8.2(1)

View 2 Replies View Related

Cisco VPN :: 550 Site-to-site VPN Duplicate Subnet?

Dec 3, 2009

here is my setup:
 
ASA 5505 - 192.168.3.1
PIX 501  - 192.168.1.1
PIX 501  - 192.168.1.2
 
The ASA and the first pix device (192.168.1.1) are connected via site-to-site VPN on the ASA side and the connection works great. I can access hosts in either direction from either network.I'm attempting to add the second pix device to the ASA's site-to-site configuration, but it's not working. I suspect it's because the devices are on the same subnet, but I'm hoing to find a workaround.When I have both PIX devices setup for site-to-site on the ASA, the VPN works only for the connection that has the highest priority. The device with the lower priority can only ping the 192.168.3.1 network, but full network connections fail.Is it possible to do this without changing the subnet on the second PIX?

View 18 Replies View Related

Cisco VPN :: Site To Site Route ASAs 5505

Aug 1, 2011

I have site-to-site VPN using two ASAs 5505. I can ping between two computers C1 and C2. Now I want to add subnet 192.168.1.0. How do I configure routes on ASA so that I can ping between computers C3 and C2?

View 5 Replies View Related

Cisco VPN :: 5510 Site To Site VPN Access To Servers With Overlapped Remote Site

May 18, 2012

I have a requirement to create a site to site vpn tunnel on ASA 5510 from a remote site to my HO, ihave already other site-to-site tunnels are up and running on the ASA.The issue is my remote site has got the network address which falls in one of the subnet used in HO(192.168.10.0/24).My requirement is only  My remote site need to accees couple of my servers in HO which is in 192.168.200.0/24 subnet.

View 2 Replies View Related

Cisco VPN :: 5520 Requirement To Terminate Site-to-site VPN From Remote Site

Jun 17, 2012

We have ordered a pair of Cisco ASA5520 (ASA5520-BUN-K9).Now there is a requirement to terminate site-to-site VPN from remote site. Do we need VPN plus licence for this and how much it cost?

View 1 Replies View Related

Cisco VPN :: 877 / How To IPsec Site To Site Vpn Port Forwarding To Remote Site

Jun 13, 2012

The scenario where a Site to Site VPN tunnel has been established between Site A and Site B. Lan on Site A can ping Lan on Site B. My problem is a Printer behind Site B needs to be accessed by using the WAN IP address of Site A. Also i could not ping the remote lan or printer from the router.
 
Below are my configure on the Cisco 877 in site A.  
 
Building configuration... 
Current configuration : 5425 bytes
!
! Last configuration change at 15:09:21 PCTime Fri Jun 15 2012 by admin01
!
version 12.4
no service pad

[code]....

View 1 Replies View Related

Cisco VPN :: 5505 - Site To Site Connected But Cannot Ping Remote Site

Oct 11, 2011

cisco products and am struggling getting a VPN going between an ASA 5505 and 5510.  I have a VPN created (using the VPN wizward on both) and it shows the VPN is up, but I can't ping the remote site (from either side).

View 11 Replies View Related

Cisco VPN :: ASA 5505 / Site To Site Vpn With One Site Always Initiate A Tunnel?

Feb 7, 2011

I have ASA 5505, i configured site to site vpn between central site and remote site and is working. Now the problem is we use remote site for troubleshooting purpose, so we need to create a tunnel from remote site to central site. I need to configure such a way that remote site can craete a tunnel to central site, but central site not able to create a tunnel, it just respond to remote site.

View 3 Replies View Related

Cisco VPN :: ASA 5505 Site To Site Connection / Remote Site?

Mar 6, 2011

i have 2 router asa 5505 with base license i wanna make site to site vpn connection and remote site using vpn client to connect first i have hdsl router with 5 public ip i wanna try it by giving 1 public ip to each router and try the vpn but nothing work?

View 1 Replies View Related

Cisco :: Reach To Remote Site Via SSLVPN (ASA5505)

Feb 10, 2011

I'm having some troubles with SSLVPN connectivity. I've setup SSLVPN at one site and it works great with web access, file share, RDP plugin etc. at the local LAN on that site. But I also would like to reach another site (connected with an IPSEC tunnel). Is this possible? if it is, how do I do it?Both firewalls are ASA5505, one 8.31 and one 8.22 Just a note, it works to connect with IPSEC client and reach the remote site just fine.

View 8 Replies View Related

Cisco VPN :: ASA5510 - Site To Site With Dynamic IP In One Site

Jan 27, 2012

i want configure VPN between backoffice which have ASA5510 firewall with static IP and site which have cisco router 1861 with dynamic IP.
 
how i can configure the site to site between them?

View 2 Replies View Related

Cisco Firewall :: ASA 5505 - Can't Reach FTP Site While Inside Firewall?

Feb 26, 2011

I am trying to configure our ASA 5505 so that our users can access our ftp site using [URL] while inside the firewall. Our ftp site is setup so that you can reach it by either browsing to the above url or by browsing to ftp://99.23.119.78 but we are unable to access our ftp site from either route while inside the firewall. We can access our ftp site using the internal ip address of 192.168.1.3.
 
Here is our current confguration:
 
Result of the command: "show running-config"
: Saved:ASA Version 8.2(1) !hostname ciscoasaenable password qVQaNBP31RadYDLM encryptedpasswd 2KFQnbNIdI.2KYOU encryptednames!interface Vlan1nameif insidesecurity-level 100ip address 192.168.1.1 255.255.255.0 !interface Vlan2nameif ATTsecurity-level 0pppoe client vpdn group ATTip address pppoe setroute !interface Ethernet0/0switchport access vlan 2!interface Ethernet0/1!interface Ethernet0/2!interface Ethernet0/3!interface Ethernet0/4!interface Ethernet0/5!interface Ethernet0/6!interface Ethernet0/7!ftp mode passiveobject-group service DM_INLINE_TCP_1 tcpport-object eq ftpport-object eq ftp-dataport-object eq wwwaccess-list ATT_access_in extended permit tcp any host 99.23.119.78 object-group DM_INLINE_TCP_1 access-list ATT_access_in extended permit tcp any interface ATT eq ftp access-list ATT_access_in extended permit tcp any interface ATT eq ftp-data access-list ATT_access_in extended permit tcp any interface ATT eq www access-list 100 extended permit tcp any interface ATT eq ftp

[code]....

View 6 Replies View Related

Cisco Switching/Routing :: 1941 / K9 Unable To Ping Over Site To Site IPSEC

Jul 12, 2012

I am trying to set up a site to site ipsec connection. AT site A, I have Vlan's 652-10.55.216.0/24, Vlan653 -10.55.217.0/24, Vlan 654-10.55.217.0/24 and Vlan655-10.55.219.0/24 and at site B, Vlan650-10.55.214.0/24 and Vlan651-10.55.215.0/24.The problem is that I am unable to get any associations when i do a "sh crypto isakmp sa"/"sh crypto ipsec sa" on either router at each site.I am also unable to ping by pluging in a laptop into the site at each site. Laptop at site A is set to access vlan 655 and laptop at site B is set to acess vlan 651. I can ping all the devices from one end to the other.I have turned on debug crypto isakmp, debug crypto ipsec, debug crypto ipsec errors but dont get anything at all as output.I have attached the sh run for each router Cisco (1941/K9) and switch (Catalyst 3750) at each site.

View 4 Replies View Related

Cisco Switching/Routing :: ASA 5525 - Configure Site-To-Site IPsec VPN To 3 Peers

Nov 21, 2012

I have an ASA 5525 and need to configure site to site ipsec vpn to 3 peers. I currently have an existing /28 public address from my ISP that is used by other services.Is there a way to use this existing ip range to configure IPSEC tunnels to 3 peers ?

View 10 Replies View Related

Cisco Security :: ASA 5510 - Site To Site IPSEc VPN Configuration Access List

Sep 12, 2011

I configurated Ipsec vpn at asa 5510. my inside ip 192.168.10.156my public ip: 85.x.x.xmy peer ip : 62.x.x.x
 
the project is that:
the remote site want the interesting traffic like that:
source ip 172.16.1.104 can access destination ip 10.0.154.27

My inside ip is 192.168.10.0/0 and i can not to change it 172.16.1.0/24 and i can not to add this ip at my network.

View 3 Replies View Related

Cisco VPN :: 2901 / 2921 / 5505 ASA - Router Versus Firewall Site To Site VPN?

May 30, 2013

I would like to know both Cisco 2901 or 2921 router and Cisco 5505 ASA can build site to site VPN.
 
1) what is the different to build site to site VPN between router and firewall ?

2) which is the best choice if using in site to site VPN connection ? 

View 9 Replies View Related

Cisco VPN :: 5510 Site-to-Site VPN Internet Access From Branch Office For Group

Mar 6, 2013

Our Headquarter (asa 5510) is running a site to site vpn connection with a Branch office (router 2811). All remote users are accesing the internet through the VPN and also accesing headquarter file servers.I want to know if there is a way for some remote users to be able to use the vpn for accesing the file servers but to access the internet through the branch office.  The rest of the remote users will be still accessing the internet through VPN.

View 2 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved