06-09-2014 11:29 AM - edited 03-04-2019 11:07 PM
My requirement is for the public IP address for my VPN traffic to be different than the rest of my internet traffic. So I configured an ASA 5505 as a VPN device with outside interface with public IP address and inside interface 192.168.1.5. I configured another ASA5505 as default gateway 192.168.1.1 and a public IP address for Outside interface. I have a route on the default gateway (192.168.1.1) which states for 10.0.0.0/24 use 192.168.1.5. For some reason, this configuration does not work. Both routers can ping each other. Any ping to 10.0.0.X gets timed out. Please explain why this config would not work and please suggest alternatives. Thanks
06-09-2014 12:37 PM
What is the SRC and DST of the failed pings? Also, where does the 10.0.0.0/24 reside?
Thanks,
Jason
06-09-2014 02:08 PM
10.0.0.0/24 is a network off a site-to-site VPN. SRC is any host on the LAN 192.168.1.x and DST is any host on 10.0.0.0/24. The thought was that traffic to 10.0.0.0 network would go to default gateway (192.18.1.1) and then based on the static route would get redirected to 192.168.1.5.
06-09-2014 05:03 PM
Is the traffic going over the VPN? And if so, do you see encap and decap in the sh IPSec sa? Also, are there routes in place for the return traffic to follow a similar path?
06-09-2014 04:55 PM
Is the traffic going over the VPN? And if so, do you see encap and decap in the sh IPSec sa?
07-10-2014 06:44 AM
Just checking to see if the problem has been resolved?