I have an ASA-to-ASA L2L VPN connection (including VPN dial-in on both ASAs) up and running. Additionally, the Internet connection works fine.
LAN 1----- ASA1 --------IPSec-VPN-L2L----- ASA2 ----- LAN 2.
All works fine.
Now I added a Cisco 2960-X switch with an SVI interface and 2 VLANs to LAN 1.
VLAN 10-----SVI ------LAN1(VLAN1) ------ASA1-----IPSecVPN-----ASA2-----LAN2.
From VLANs 10, 20 and 1 I can ping the Internet, but from VLANs 10 and 20 I can't reach LAN2 behind ASA2.
On ASA1 I extended my crypto-map ACL, in addition to LAN1, with the VLAN10,10 subnets to allow them through the VPN tunnel. Additionally, I added two inside routes on ASA1 facing VLAN10,20:
route inside 10.0.10.0 and 10.20.0 to the VLAN1 interface (switch-SVI-ASA1 transfer subnet). I think routing between the switch and ASA1 works because Internet access is OK. It seems to me that the source traffic doesn't enter the VPN tunnel. Interesting. Ping from a host in VLAN1-ASA1 through the VPN tunnel to LAN2 works?
When you want new IP ranges or subnets to be part of an existing VPN setup, you have to add these new ranges/subnets to all relevant configuration parts at both ends (object groups, crypto-map ACL, interface ACL, NAT, routing and so on).
If it still does not work, please attach your configuration from both ends (as .txt files).
I hope it helps.
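As an added illustration of the checklist in the answer above (this is example configuration written for this page, not the poster's or the answerer's config), here is what the "add the new subnets everywhere" step looks like on an ASA running 8.3+ NAT syntax. All addresses are assumptions for the example: LAN1/VLAN1 is 10.0.1.0/24 with the 2960-X SVI at 10.0.1.2, VLAN10 is 10.0.10.0/24, VLAN20 is 10.0.20.0/24, LAN2 behind ASA2 is 192.168.2.0/24, and the peer address, crypto map name and ACL names are invented. The step most often forgotten is the NAT exemption: the ASA applies NAT before it evaluates the crypto-map ACL, so a new subnet that is still caught by the dynamic PAT to the outside address leaves with a rewritten source, never matches the crypto ACL, and goes out unencrypted rather than into the tunnel.

```cisco
! Added example, not from the original thread. Assumed addressing:
!   LAN1 (VLAN1, ASA1 inside network)  10.0.1.0/24, 2960-X SVI at 10.0.1.2
!   VLAN10                             10.0.10.0/24  (routed by the 2960-X)
!   VLAN20                             10.0.20.0/24  (routed by the 2960-X)
!   LAN2 (behind ASA2)                 192.168.2.0/24
!   ASA2 outside address               203.0.113.2   (assumed peer)
!
! ================= ASA1 =================
! 1. Routing: the new subnets sit behind the switch SVI, not directly on "inside".
route inside 10.0.10.0 255.255.255.0 10.0.1.2
route inside 10.0.20.0 255.255.255.0 10.0.1.2
!
! 2. Object groups: keep every local subnet that may cross the tunnel in one group,
!    so the crypto ACL and the NAT exemption cannot drift apart.
object-group network LOCAL-VPN-NETS
 network-object 10.0.1.0 255.255.255.0
 network-object 10.0.10.0 255.255.255.0
 network-object 10.0.20.0 255.255.255.0
object network LAN2
 subnet 192.168.2.0 255.255.255.0
!
! 3. Crypto-map ACL ("interesting traffic"). Must be the exact mirror of ASA2's ACL.
access-list L2L-TO-ASA2 extended permit ip object-group LOCAL-VPN-NETS object LAN2
crypto map OUTSIDE-MAP 10 match address L2L-TO-ASA2
!
! 4. NAT exemption (identity twice-NAT). Manual NAT (section 1) is evaluated before
!    object NAT, so this line wins over a PAT defined as object NAT on the inside subnet.
!    Without it, VLAN10/20 sources are PATed to the outside address, never match the
!    crypto ACL above, and leave the box unencrypted.
nat (inside,outside) source static LOCAL-VPN-NETS LOCAL-VPN-NETS destination static LAN2 LAN2 no-proxy-arp route-lookup
!
! 5. Interface ACL: only needed if an inbound ACL is applied on "inside".
!    (Return traffic from the tunnel bypasses the outside ACL while
!     "sysopt connection permit-vpn" is at its default.)
access-list INSIDE-IN extended permit ip object-group LOCAL-VPN-NETS object LAN2
!
! ================= ASA2 =================
object-group network REMOTE-VPN-NETS
 network-object 10.0.1.0 255.255.255.0
 network-object 10.0.10.0 255.255.255.0
 network-object 10.0.20.0 255.255.255.0
object network LAN2
 subnet 192.168.2.0 255.255.255.0
! Mirror image of ASA1's crypto ACL: local LAN2 first, remote group second.
access-list L2L-TO-ASA1 extended permit ip object LAN2 object-group REMOTE-VPN-NETS
crypto map OUTSIDE-MAP 10 match address L2L-TO-ASA1
nat (inside,outside) source static LAN2 LAN2 destination static REMOTE-VPN-NETS REMOTE-VPN-NETS no-proxy-arp route-lookup
!
! ================= Verification (run on ASA1) =================
! Simulate a VLAN10 host pinging LAN2; the output must show an "UN-NAT"/identity NAT
! phase followed by a VPN ENCRYPT phase, not a dynamic PAT to the outside address.
packet-tracer input inside icmp 10.0.10.5 8 0 192.168.2.10 detailed
! After a real ping, one IPsec SA pair per local/remote subnet pair should exist and
! the "#pkts encaps" counter for the 10.0.10.0/24 <-> 192.168.2.0/24 pair should grow.
show crypto ipsec sa peer 203.0.113.2 | include ident|encaps|decaps
```

Two caveats worth checking against your own config before pasting anything. First, if your PAT rule is a manual NAT rule rather than object NAT, make sure the identity rule above is ordered before it (`show nat` lists the effective order). Second, adding the new subnets widens the crypto ACL on both sides; if a subnet should not be able to reach LAN2 at all, leave it out of the object group rather than filtering it later, since anything matching the crypto ACL is accepted as VPN traffic by the peer.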