07-16-2014 07:36 PM - edited 03-11-2019 09:28 PM
I inherited an ASA 5505 which is already connecting to the Internet. There is also a site-to-site VPN up and running between me and another ASA 5505 in the UK.
I need to connect my current inside network to another internal network on a different subnet. I've tried different suggestions that I've come across in the forums but none have worked. I may very well be doing something wrong but I have to wonder if the site-to-site VPN is somehow making my configuration requirements more complex than if it wasn't configured?
My OUTSIDE interface connects to a cable modem.
My INSIDE interface connects to a network of 192.168.2.0/24
My IPC_PHONE interface connects to a network of 192.168.4.0/27
I have a Security Plus license.
All I really need is to hit one specific machine ( 192.168.4.8 ) on the IPC_PHONE network from my INSIDE network.
My understanding is that I need NAT rules but nothing I've tried seems to work.
I'm new at this and use ASDM for config although the CLI would be fine if I needed to use that.
I'm attaching the current router config - there are entries I know I no longer need that were prior to configuring the local VPN access; I just haven't removed them yet. I don't think they should affect my problem though.
I have tried over and over with advice from these forums and can't seem to make any headway.
Can anyone point me in the right direction?
Thank You
Chip Pursell
07-16-2014 08:28 PM
object network obj-192.168.2.0
subnet 192.168.2.0 255.255.255.0
object network 192.168.4.8
host 192.168.4.8
07-16-2014 09:46 PM
That was it! You F-in rock. I can't even begin to tell you how happy this makes me.
If you're ever in NYC I owe you a beer ( at least ).
Thanks again
08-18-2018 02:14 AM - edited 08-18-2018 03:05 AM
Hi All.
I have a site to site vpn between 1x asa 5506 (HQ) & 1x asa 5505 (remote). I cannot test the config until remote f/w is deployed on site (remote).
Setup HQ
x.x.x.x - outside
10.221.31.0 - inside
10.221.2.0 - Server group 1
10.221.4.0 - Server group 2
10.221.6.0 - Server group 3
route 0.0.0.0 0.0.0.0 x.x.x.x outside
VPN Tunnel configured
My HQ question: do I need to create vlans for .2.0 - .4.0 - .6.0 servers and route the vlans to 10.221.31.1 inside gateway address for remote site to reach them?
Remote Site
x.x.x.x - outside
192.168.33.0 - inside
192.168.33.50-200 dhcp pool configured working assigns dhcp + dns
route - 0.0.0.0 0.0.0.0 x.x.x.x outside
route - 192.168.33.0 255.255.255.0 192.168.33.1 inside - route already there message when trying to add manually, but can't see it in routing table.
VPN Tunnel configured
My REMOTE question: do I need to set up any additional routing/access list/natting at HQ f/w to reach HQ servers from REMOTE site?
Many Thanks in advance.
This is my first post and new to Cisco.
08-18-2018 05:45 AM
08-19-2018 05:50 AM
Hi and thanks for your reply.
No patting in vpn.
HQ question.
Is the server range 10.221.2.0 and .4.0 and .6.0 able to communicate with 10.221.31.0 network without adding a static route, or should I use EIGRP to update routes dynamically?
physical connectivity:
layer 2 switch
asa 5506 f/w
Thanks.