Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
10272
Views
20
Helpful
32
Replies

Add new subnets to site to site VPN tunnel are already created.

Go to solution
virtuali1151
Level 1
Level 1

‎10-31-2018 10:09 AM - edited ‎10-31-2018 10:10 AM

Hello,

 

I am using a Cisco ASA 5545, ASDM 7.6, I have a site to site VPN tunnel created and now I would like to route additional traffic over that VPN tunnel.  Can you please advise how I would do this via ASDM or CLI.

 

So the current remote network is 10.210.0.0/16, I would like to route the following remote ranges over the same VPN tunnel.

 

Address space (10.208.0.0/13):


10.210.0.0/16
10.211.0.0/16
10.212.0.0/16
10.213.0.0/16
10.214.0.0/16

Labels:
32 Replies 32

Go to solution
CiscoPurpleBelt
Level 6
Level 6
In response to Marvin Rhoads

‎07-23-2019 01:45 PM

I take it no NAT exemption is done if no NATTING is being done for any of the local source subnets for the IPSEC tunnel correct?
0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to CiscoPurpleBelt

‎07-23-2019 01:56 PM

@CiscoPurpleBelt If you do not have NAT configured at all then you would not need a NAT exemption rule. You would need a NAT exemption if you have a dynamic NAT in your configuration (i.e. for internet access), that could potentially NAT outbound traffic. The NAT exemption rule would need to be placed above the dynamic NAT rule in order to be effective.

 

HTH

Go to solution
CiscoPurpleBelt
Level 6
Level 6
In response to Rob Ingram

‎07-23-2019 02:20 PM - edited ‎07-23-2019 02:42 PM

In reference to IPSEC VPN, I have the following, the DM objects are being natted to itself correct? I can replace the DM objects with a object-group containing both those objects correct? Why does X.X.X.30_new appear twice?
nat (inside,outside) source static DM_INLINE_NETWORK_1 DM_INLINE_NETWORK_1 destination static X.X.X.30_object X.X.X.30_object

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents