Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
242
Views
0
Helpful
1
Replies

ASA re-route to VPN router.

lawrence.dwight
Level 1
Level 1

‎01-05-2015 02:38 PM - edited ‎03-05-2019 12:29 AM

I have a Cisco ASA 5505 which is the default router (as in the diagram) and a newer router which is being used for mobile VPN exclusively. Eventually the Cisco ASA 5505 will be decommissioned and the VPN router will be the sole router, but for the time being I do not want to remove it.

The issue I'm having is communicating between the subnet used by VPN clients and LAN clients. If I setup a static route on the client PC there are no issues. I.e. VPN and LAN client can communicate as expected. I would rather not have to setup static routes on each LAN clients so I thought the Cisco ASA 5505 could do the routing instead.

I thought static route on the ASA a below (configured via ASDM) would work.

Interface: LAN

IP Address and netmask: VPN Subnet

Gateway IP: LAN IP 2 (IP address of VPN router on the LAN)

I thought that would be sufficient, but it seems it isn't.

I added a NAT Exemption for the VPN subnet. Still no good. It seems there are some NAT issues, but I want it to be exempt... Not a Cisco expert, so I would rather use ASDM if possible.

Thanks,

LD

Labels:
Preview file
66 KB
0 Helpful
1 Reply 1

rafael_acc
Level 1
Level 1

‎01-05-2015 03:07 PM

Just before I even look any further, i just thought i'd mention this: make sure you are not using the "log" keyword on your access-lists used for filtering NAT traffic - NAT doesn't like that and your ACLs won't work. 

Furthermore, check your ACL counters - make sure they are being matched; once you start NAT-ing, your routing will also have to  be adjusted accordingly. 

For some reference on this, check my blog here:

http://blogbt.net/index.php/2014/01/nat-wont-work/

Let me know if this helps if not, we'll look further into it. 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card