cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


148
Views
0
Helpful
1
Replies
Beginner

Cisco ASA and InterVLAN routing

Hi,

 

We have a data/voice network (VLAN1 and VLAN100 respectively), on the voice network resides our PABX server and i need to access the web interface of this device over our VPN network to which the ASA in question is a part thereof. 

 

The data network on VLAN 1 is 192.168.1.0/24 and the Voice network on VLAN 100 is 192.168.100.0/24.

 

What sort of configuration is needed on the client side ASA so that i can access the 192.168.100.0/24 network over the other segments of our VPN network?

 

Cheers.

 

 

1 REPLY 1
Highlighted
Beginner

Re: Cisco ASA and InterVLAN routing

To clarify, the ASA is on the customer's site with connected interfaces in VLAN1 and VLAN100? You then have, I presume a site-to-site VPN or remote access VPN to the ASA from your end? Is this correct?

 

If so, for the VPN are you encrypting the interesting traffic of 192.168.100.0/24 from your blocks?

 

On the ASA you should have an ACL, which should be applied to a crypto map for example:

 

access-list client extended permit ip object-group client-networks  object-group our-networks

crypto map outside-map 20 match address client.

 

The object-groups (client-networks) should have the objects with the necessary networks in i.e. 192.168.1.0/24 and 192.168.100.0/24. Our-networks should contain your netblocks for instance 10.10.10.0/24

 

If the VPN is fine and VLAN 100 is not connected to the ASA, you will need a route from the ASA to something which has a layer3 interface on both VLAN 1 and VLAN 100. If the ASA is connected to VLAN1 and a layer3 switch has an interface on VLAN1 and VLAN100, point a route from the ASA to 192.168.100.0/24 to the VLAN1 IP address on the layer3 switch.

 

It might be worth sharing some configuration of the ASA, if you require further help.

 

Joel