01-11-2012 05:49 PM - edited 03-11-2019 03:13 PM
01-12-2012 11:01 AM
hI?
Can you post a topology diagram where the subnets locations are marked.
Bu here:
router rip
network 192.168.1.0
version 1
where is this subnet connected because i don't see any address in this range and you should have a network command for directed link where the other device is doing RIP
Can you post sh route output, there shouldn't be any 192.168.1.0 entry
Regards.
Alain
01-13-2012 06:58 AM
Hello Alain,
Sorry, I just got this....here is the result:
Gateway of last resort is 75.x.x.x to network 0.0.0.0
C 10.125.1.0 255.255.255.0 is directly connected, inside
C 75.x.x.x 255.255.255.248 is directly connected, outside
S* 0.0.0.0 0.0.0.0 [1/0] via 75.x.x.x, outside
Thank you....I will try to disable RIP while I am waiting to hear back just in case that is the culprit....Thanks
Also, if this helps......I am getting "Deny IP Spoof from 10.125.1.1 to 192.168.1.1 on interface inside" Messages in the ASDM...I think this is a big clue. Thank you
01-13-2012 07:20 AM
Hi,
this 192.168.1.0 network where is it located? Post a topology if it is beyond a directly connected L3 device on the inside then you must modify the RIP settings or do just a static route.
For the RIP, try this:
router rip
network 10.0.0.0
no auto-summary
version 2
But before to make sure you have a RIPv2 enabled neighbour just do ping 224.0.0.9 and you'll get the IP from the neighbour
device otherwise try with version 1
Let us know.
Regards.
Alain.
01-13-2012 07:28 AM
Hi,
I tried that and I didn't work....I think I should try without using RIP. So here is the basic topology:
The Cisco ASA connects to the inside 10. Network.....the 192. Network is behind a Netgear Firewall with a 192. adress and to a Switch which is connected to all 192. Devices........I also have 2 Terminal servers Multi-Honed with 192. and 10. addresses which can ping all the 192 devices just fine. Thank you so much....
01-13-2012 12:43 PM
Hi,
what didn't work ? the RIP v2 ? then can you configure a static route like this:
route inside 192.168.1.0 255.255.255.0 10.125.1.1 x where this is the address of the Netgear device.
You should also verify the config of the Netgear.
Regards.
Alain
01-13-2012 12:48 PM
Sorry,
The RIP connection worked but only on the Multi-Honed 10. address..sh roun said the 192. address was probably down.
The problem is still that the ASA will not see the 192. network but my Servers with Mult-Honed addresses do see the 192. network......
Trying your static route soluion now
BRB
Thank You
Update - The Static route didn't work....I get the following error after using this:
route inside 192.168.1.0 255.255.255.0 10.125.1.1 192.168.1.50
I get invalid input detected at marker ^ (the ^ is supposed to be under the dot after the last 192)
So error is where the X is here: route inside 192.168.1.0 255.255.255.0 10.125.1.1 192X
Please help.....getting down to the wire here......Thank you
01-13-2012 03:56 PM
OK, so here's where I stand.....
The Cisco can ping everything on and behind the 192. Network.....it was the Netgear, good call!!!
The only thing I need now is to allow the VPN users to access the 192. Network as well.....when I do a test connect, I can ping everything on 10. and I have the Internet with the Split Tunnel.....but nothing......of course...... on the 192. Network.
Any final help would be greatly appreciated! Thanks!!!!
Bob
01-13-2012 05:17 PM
I finally got it by building a new VPN profile.....Thank you for your help, I appreciate it!!!
Bob
01-13-2012 05:18 PM
This Topic is Answered
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide