Cisco Community
English
Register
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Join Customer Connection to register!
198
Views
0
Helpful
0
Replies
Highlighted
Oliver Hotz
Beginner
Beginner
‎12-02-2013 09:49 AM
‎12-02-2013 09:49 AM

Problem with Routing through GRE Tunnel over ASA5510

I've a strange problem with the routing from internal network through a GRE Tunnel over an ASA5510:

The infrastructure design is as following:

Internal Network 192.168.1.x

ASA5510 as Internet Gateway with 192.168.1.1

Cisco 2600 Router for GRE L2L VPN Tunnel with 192.168.1.3 IP

SSL VPN LAN through ASA5510 with 10.1.1.x Subnet

L2L VPN Subnet through GRE L2L VPN Tunnel with 10.1.2.x Subnet

The tunnel is up and working, i can access the 10.1.2.x L2L VPN Subnet (inside) without any issue from SSL VPN 10.1.1.x Subnet (outside).

From the internal network 192.168.1.x (inside) i can only access the 10.1.2.x L2L VPN Subnet (inside) when i add on the local client a static routing "10.1.2.x MASK 255.255.255.0 192.168.1.3" - so if the packages go directly to L2L VPN Router it works, as soon there is just the ASA5510 as the default gateway in place it doesn't work.

I've added already a NAT Rule for 10.1.2.x (inside) to 192.168.1.x (inside) and back and in addition a static routing entry for 10.1.2.x Subnet through 192.168.1.3 gateway but it's still not working.

From the other side of the tunnel it's the same issue, as long there is no static routing entry on the server at 192.168.1.x subnet, you cannot access services there (e.g. AD, DNS, WWW, ...), as soon the entry is in place, it works.

It looks for me, that the ASA doesn't handle the traffic correct from 192.168.1.x Subnet to 10.1.2.x Subnet - maybe because both are "inside"?

Labels:
0 Helpful
Reply
0 REPLIES 0
Latest Contents
Cisco SD-WAN Global Forum : Quick Guide to Design, Deploy, O...
Created by ciscomoderator on 03-05-2021 12:50 PM
0
0
0
0
To participate in this event, please use the  button to ask your questions * Note: The link to join the discussion will be activated on March 8 All the knowledge of these four experts at your disposal! Cisco Software-Defined Wide Area Network (SD-WAN... view more
Community Live Event- ISR1100X-4G and ISR1100X-6G Platform O...
Created by Cisco Moderador on 03-02-2021 05:23 AM
1
0
1
0
Community Live- ISR1100X-4G and ISR1100X-6G Platform Overview and Architecture (Live event -  Tuesday, 23 March, 2021 at 10:00 am Pacific/ 1:00 pm Eastern / 7:00 pm Paris)- This event will have place on Tuesday 23rd, March 2021 at 10:00 hrs PDT&... view more
Cisco Secure Network Access Bridges the Gap
Created by Kelli Glass on 02-26-2021 04:19 PM
0
0
0
0
Cisco Secure Network Access is helping IT to bridge the gap between what is essential to the business and what the network delivers and to build the next-generation campus network for an unplugged and uninterrupted experience. Learn more about how these w... view more
Community Live Video - New Additions to the Catalyst 8000 Fa...
Created by Cisco Moderador on 02-24-2021 08:49 AM
0
0
0
0
(view in My Videos) Community Live- New Additions to the Catalyst 8000 Family (Live event -  Tuesday, 23 February, 2021 at 10:00 am Pacific/ 1:00 pm Eastern / 7:00 pm Paris)- This event had place on Tuesday 23rd, February 2021 at 10:00 hrs PDT... view more
New Additions to the Catalyst 8000 Family- FAQ
Created by Cisco Moderador on 02-24-2021 07:23 AM
0
0
0
0
This event had place on Tuesday 23rd, February 2021 at 10hrs PDT  Introduction Designed for an intent-based network, the Cisco Catalyst 8000 Edge Platforms family offers best-in-class networking and security combined. The platforms, available in b... view more
Content for Community-Ad