

How to make second vlan accessible over VPN?

This is probably obvious, but I need the help and I don't want to make changes based on guesses to our live network.

Our datacenter is one flat vlan. I created a second vlan on our layer 2 and layer 3 HP switches, and everything works fine when you're onsite. If someone tries to communicate with a host on this new vlan via one of our remote VPN tunnels or the remote IPSec VPN connection, they cannot.

The ASA handling the VPN connections has two vlans configured, the default vlan 1 (e0/1) and vlan 2 (e0/0). Both of these connect to the core HP Layer 3 switch. How do I get traffic through to the new vlan? Do I need to set a static route on the ASA for the new subnet? If so, where should the route point? Do I need to create the new vlan on the ASA as well, and then attach it to a 3rd interface since the inside interface is an access port and not a trunk port?

Thanks in advance for your help.


How to make second vlan accessible over VPN?

Just add a static route on the ASA towards the new subnet, pointing to the SVI interface of an L3 switch (an SVI with an IP from the same subnet as one of the ASA's interfaces), which has the SVI for that new subnet configured.
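
The static route from the reply above, written out as an added example (not part of the original post, and not the poster's configuration). All addresses, the interface name `inside`, and the ACL names `L2L_CRYPTO` and `SPLIT_TUNNEL` are constructed assumptions; the ACL lines go beyond the reply and apply only if the tunnels restrict protected networks that way.

```cisco
! Constructed addressing (assumptions, not from the thread):
!   ASA inside interface (nameif "inside") : 10.10.1.1/24
!   L3 switch SVI on that same subnet      : 10.10.1.2
!   New VLAN subnet behind the L3 switch   : 10.10.55.0/24
!   Remote L2L site subnet                 : 192.168.100.0/24
!
! --- global configuration mode ---
! Static route as the reply describes: the next hop is the switch SVI that
! shares a subnet with the ASA's inside interface. No interface for the new
! VLAN is created on the ASA; the switch keeps doing the inter-VLAN routing.
route inside 10.10.55.0 255.255.255.0 10.10.1.2
!
! If the site-to-site tunnel uses a crypto ACL (hypothetical name), the new
! subnet has to be listed as a protected network, with the mirror-image
! entry on the remote peer, or traffic to it is never sent into the tunnel.
access-list L2L_CRYPTO extended permit ip 10.10.55.0 255.255.255.0 192.168.100.0 255.255.255.0
!
! If remote-access clients use a split-tunnel list (hypothetical name),
! add the new subnet so clients route it through the VPN.
access-list SPLIT_TUNNEL standard permit 10.10.55.0 255.255.255.0
!
! --- privileged EXEC mode: verification ---
! The route should appear as a static entry via 10.10.1.2 on "inside".
show route | include 10.10.55.0
! Reachability from the ASA to a host on the new VLAN (constructed host).
ping inside 10.10.55.10
```

Return traffic also needs a path back: the L3 switch must route the remote-site subnet and the VPN client pool towards the ASA, which a default route pointing at the ASA's inside address already covers.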


How to make second vlan accessible over VPN?

Okay, so if I understand you clearly, I have to:

1. Create the vlan on the ASA

2. IP the vlan so that it matches the destination subnet

3. Create a static route mapping that subnet to the interface on the core switch that is doing intervlan routing

So assuming the interface on the HP switch for this new vlan is, then I'm doing:

int vlan 55

description DEV

nameif DEV

ip address


route DEV

That should then allow me to send traffic from my VPN connections (both L2L and Client) to this new vlan?
