
Roger Richards
Level 1

Good day community. I do have a little bit of a struggle (well, maybe a lot) and I need the advice of the pros. Here is my scenario. We currently have a site-to-site VPN, with voice and data networks on both sides. Our network is also flat and we are planning to implement VLANs. We have two ASA 5510s connecting the VPN and Cisco 2950 switches.

We now have a 2921 for VLAN routing.

OK, hopefully I am making sense, but if we now create VLANs for our network, how will we set up the VLANs to talk to each other across the VPN connection?

Can we currently keep both ASAs and the 2921? What's the best way to handle this task?

Accepted Solution

Marvin Rhoads
Hall of Fame


Two basic things are necessary in your situation:

1. The 2921s route the traffic for the remote site via the local ASA. If the ASA is already the default gateway for the 2921 that will happen automatically, otherwise you need to modify your routing so that happens (via either running a dynamic routing protocol on the ASA or simply putting a static route in each 2921).

2. When you set up a site-site VPN, the key bit (after identifying the peers to each other and their shared key etc.) is defining what traffic is "interesting". You define the remote networks in an access list on the ASA and the VPN refers to that access-list via a cryptomap. It also exempts that traffic from being NATted so it appears with its native address at the remote site.

If you use the Site-Site VPN wizard in ASDM (the ASA GUI), it will walk you through all the necessary steps to set up what I describe in #2 above.

Hope this helps, please rate helpful posts.
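
The two steps in the answer above, written out as CLI for one site. This is an added example, not part of the original post or the poster's configuration. It assumes ASA software 8.3 or later NAT syntax, interfaces named `inside` and `outside`, and an existing tunnel whose crypto map is `OUTSIDE_MAP` sequence 10; all subnets, addresses and object names are constructed placeholders.

```cisco
! ===== Site A 2921 (IOS) =====
! Step 1: send traffic for the remote site's VLAN subnets to the local ASA.
! 10.1.1.1 = ASA inside interface on the transit link (constructed address).
! Not needed if the 2921's default route already points at the ASA.
ip route 10.2.10.0 255.255.255.0 10.1.1.1
ip route 10.2.20.0 255.255.255.0 10.1.1.1

! ===== Site A ASA =====
! Return path: the local VLANs now sit behind the 2921 (10.1.1.2, constructed),
! so the ASA needs routes to them on its inside interface.
route inside 10.1.10.0 255.255.255.0 10.1.1.2
route inside 10.1.20.0 255.255.255.0 10.1.1.2

! Name the VLAN subnets on each side (data and voice, constructed values).
object-group network SITE-A-VLANS
 network-object 10.1.10.0 255.255.255.0
 network-object 10.1.20.0 255.255.255.0
object-group network SITE-B-VLANS
 network-object 10.2.10.0 255.255.255.0
 network-object 10.2.20.0 255.255.255.0

! Step 2: "interesting" traffic. List only the subnets that must cross the
! tunnel rather than "any", so nothing else is encrypted toward the peer.
access-list S2S-INTERESTING extended permit ip object-group SITE-A-VLANS object-group SITE-B-VLANS

! Bind the access list to the existing tunnel entry in the crypto map.
crypto map OUTSIDE_MAP 10 match address S2S-INTERESTING

! NAT exemption: keep native addresses for VLAN-to-VLAN traffic over the VPN.
nat (inside,outside) source static SITE-A-VLANS SITE-A-VLANS destination static SITE-B-VLANS SITE-B-VLANS no-proxy-arp route-lookup

! Site B is the mirror image: swap SITE-A-VLANS and SITE-B-VLANS in the
! access list and the NAT rule, and point its routes at its own ASA and 2921.
! The two access lists must mirror each other or the tunnel will not carry
! the unmatched subnets.
```

After applying the change on both sides, `show crypto ipsec sa` on each ASA should list a security association for every local/remote subnet pair once traffic has flowed between them.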
