11-08-2011 08:55 AM - edited 03-11-2019 02:47 PM
I have 3 sites.
Site A: 192.168.2.0/24
Site B: 192.168.3.0/24
Site C: 192.168.4.0/24
Site A and B are connected to each other via a VPN between Cisco ASAs. Site A firewall is 192.168.2.250 and site B firewall is 192.168.3.1.
Site A also has a Cisco router, 192.168.2.1, which is used to connect to site C on a point-to-point connection.
I have a route on the site A cisco router: 192.168.3.0 255.255.255.0 192.168.2.250
Site A has following ACL:
access-list Vpnconncetion extended permit ip 192.168.4.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list nonatvpn extended permit ip 192.168.4.0 255.255.255.0 192.168.3.0 255.255.255.0
Site B has following ACL:
access-list Vpnconnection extended permit ip 192.168.3.0 255.255.255.0 192.168.4.0 255.255.255.0
access-list nonatvpn extended permit ip 192.168.3.0 255.255.255.0 192.168.4.0 255.255.255.0
Now the thing is, a machine from site C can ping only one machine on site B, which is 192.168.3.20. No other machines can be pinged.
Machines on site B, though, cannot ping any machine on site C.
A machine on site B can ping the Cisco router on site A.
Am I missing anything here as far as routing is concerned? Can anybody advise me?
Thanks in advance.
Pratik
11-08-2011 09:16 AM
Site A ASA needs a route to the 192.168.4.0 network.
route inside 192.168.4.0 255.255.255.0 192.168.2.1
Also if there is a router at Site C, it needs a route to the 192.168.4.0/24 network via Site A router.
11-08-2011 09:43 AM
I have that route in the Site A ASA. The thing I am not getting is why I am only able to ping one address at site B from site C. The site A Cisco router also has a static route pointing to the site C router.
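An added example, not posted by anyone in this thread: a small Python check that runs over the ACL and route lines quoted above. It confirms that each crypto ACL entry has a swapped twin on the peer and that the Site A ASA has a route for every source network it is asked to encrypt. The function names are hypothetical, and the parser assumes the plain `network mask` form used in the thread (no `host`, `any` or object-groups).

```python
import ipaddress

# Lines copied from the thread: Site A ASA (ACLs plus the inside route) and Site B ASA.
SITE_A = """\
access-list Vpnconncetion extended permit ip 192.168.4.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list nonatvpn extended permit ip 192.168.4.0 255.255.255.0 192.168.3.0 255.255.255.0
route inside 192.168.4.0 255.255.255.0 192.168.2.1
"""
SITE_B = """\
access-list Vpnconnection extended permit ip 192.168.3.0 255.255.255.0 192.168.4.0 255.255.255.0
access-list nonatvpn extended permit ip 192.168.3.0 255.255.255.0 192.168.4.0 255.255.255.0
"""

def net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}")

def parse(config):
    """Return ({acl_name: {(src, dst), ...}}, [(dest_net, next_hop), ...])."""
    acls, routes = {}, []
    for line in config.splitlines():
        f = line.split()
        if f[:1] == ["access-list"] and f[2:5] == ["extended", "permit", "ip"] and len(f) == 9:
            acls.setdefault(f[1], set()).add((net(f[5], f[6]), net(f[7], f[8])))
        elif f[:1] == ["route"] and len(f) >= 5:
            routes.append((net(f[2], f[3]), ipaddress.ip_address(f[4])))
    return acls, routes

def unmirrored(local, remote):
    """Local ACL entries with no swapped (dst, src) twin in the peer's ACL."""
    return sorted((s, d) for s, d in local if (d, s) not in remote)

def unrouted_sources(acl, routes, connected):
    """ACL source networks that are neither directly connected nor statically routed."""
    known = [connected] + [n for n, _ in routes]
    return sorted({s for s, _ in acl if not any(s.subnet_of(k) for k in known)})

if __name__ == "__main__":
    a_acls, a_routes = parse(SITE_A)
    b_acls, _ = parse(SITE_B)
    inside_a = net("192.168.2.0", "255.255.255.0")  # Site A LAN, from the thread
    # ACL names are locally significant, so the differing spelling does not matter here.
    print("unmirrored A->B:", unmirrored(a_acls["Vpnconncetion"], b_acls["Vpnconnection"]))
    print("unrouted on A:", unrouted_sources(a_acls["Vpnconncetion"], a_routes, inside_a))
```

Both lists come back empty for the lines quoted in the thread, so this check only rules out an ACL mirror mismatch and a missing ASA route for 192.168.4.0/24; it does not look at the routers or the hosts.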