
IPSec tunnel between Draytek and ASA

Hi everyone, I hope you're all well.


I'm having a few issues with an IPSec tunnel between a Draytek router and Cisco ASA. The site has two LANs that run alongside each other:


LAN 1 - Main Office LAN /24
LAN 2 - Production LAN /24


At the moment, each network has its own individual IPSec VPN running to Interfin HQ ( /16). The plan is to remove the tunnel from LAN 2 and push all traffic through LAN 1 VPN. Both networks can talk to each other internally so I know the routing is in place already onsite.


The problem is that I cannot seem to get LAN 2 traffic through the main tunnel. LAN 1 uses a Draytek Vigor router. I can see the tunnel is up and can see the traffic on the other end (ASA), but nothing for the LAN 2 traffic. I've attached the ASA config, with the key snippets below:


object-group network marcus-remote
object-group network marcus-local
access-list marcus extended permit ip object-group marcus-local
nat (inside,outside) source static marcus-local marcus-local destination static marcus-remote marcus-remote

Tunnel configuration is crypto map 1150.

Currently, the local network on the Draytek VPN tunnel is set to /24 which nats to /24 on the ASA. That side of things is working fine. The problem I can see is that it doesn't let me add a second local subnet.

Is there anything I can do on the ASA to allow the LAN 2 traffic to pass through the tunnel?



Assistance would be greatly appreciated.



