Re: new interface

sahara101 · ‎11-08-2022

Hello,

i need to create a new vlan with internet access. In the cisco firewall on the particular context I created a new interface. Internet works, all ok.

The problem is that the subnet is the same as the subnet on the customer side which is connecte dto us over vpn. The moment I enable the interface the ping over vpn stops.

How can I make sure that I can use subnet 10.10.0.0 on our side but at the same time the connection to 10.10.0.0 over vpn does not break? VPN is connected from 10.11.0.0 to 10.10.0.0, so another interface in the same context.

In the end we will do an overlapping VPN, but first we need to test some things out and the network 10.10.0.0 on our side is not allowed to speak to the customer and also not to the other interfaces.

Thanks!

balaji.bandi · ‎11-08-2022

is this ASA FW, look some below example :

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-firewalls/211275-Configuration-Example-of-ASA-VPN-with-Ov.html

other good one :

https://www.petenetlive.com/KB/Article/0001446

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

sahara101 · ‎11-08-2022

yes, asa fw. Right now I am looking for the connection to work without disrupting the existing vpn.

10.10.0.0 must exist in our network, it must not speak to the customer side, so for now I do nt need the overlapping vpn.

But since we already have a vpn on this context from 10.11.0.0 to 10.10.0.0, the moment I enable the interface, I lose the ping over VPN.

balaji.bandi · ‎11-08-2022

if you not overlapping you do not the one I referenced.

But since we already have a vpn on this context from 10.11.0.0 to 10.10.0.0, the moment I enable the interface, I lose the ping over VPN.

post the config

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help