This is probably obvious, but I need the help and I don't want to make changes based on guesses to our live network.
Our datacenter is one flat vlan. I created a second vlan on our layer 2 and layer 3 HP switches, and everything works fine when you're onsite. If someone tries to communicate with a host on this new vlan via one of our remote VPN tunnels or the remote IPSec VPN connection, they cannot.
The ASA handling the VPN connections has two vlans configured, the default vlan 1 (e0/1) and vlan 2 (e0/0). Both of these connect to the core HP Layer 3 switch. How do I get traffic through to the new vlan? Do I need to set a static route on the ASA for the new subnet? If so, where should the route point? Do I need to create the new vlan on the ASA as well, and then attach it to a 3rd interface since the inside interface is an access port and not a trunk port?
Thanks in advance for your help.
Just add a static route on the ASA towards the new subnet, pointing to the SVI interface of the L3 switch (an SVI with an IP from the same subnet as one of the ASA's interfaces) which has an SVI for that new subnet configured.
Okay, so if I understand you clearly, I have to:
1. Create the vlan on the ASA
2. IP the vlan so that it matches the destination subnet
3. Create a static route mapping that subnet to the interface on the core switch that is doing intervlan routing
So assuming the interface on the HP switch for this new vlan is 192.168.5.1, then I'm doing:
int vlan 55
ip address 192.168.5.2
route DEV 192.168.5.0 255.255.255.0 192.168.5.1
That should then allow me to send traffic from my VPN connections (both L2L and Client) to this new vlan?