IPSec tunnel between Draytek and ASA

Hi everyone, I hope you're all well.


I'm having a few issues with an IPSec tunnel between a Draytek router and a Cisco ASA. The site has two LANs that run alongside each other:


LAN 1 - Main Office LAN 192.168.4.0 /24
LAN 2 - Production LAN 10.20.21.0 /24


At the moment, each network has its own individual IPSec VPN running to Interfin HQ (10.99.0.0 /16). The plan is to remove the tunnel from LAN 2 and push all traffic through the LAN 1 VPN. Both networks can talk to each other internally, so I know the routing is already in place onsite.


The problem is that I cannot seem to get LAN 2 traffic through the main tunnel. LAN 1 uses a Draytek Vigor router. I can see the tunnel is up and can see the traffic on the other end (ASA), but nothing for the LAN 2 traffic. I've attached the ASA config; the key snippets are below:


object-group network marcus-remote
object-group network marcus-local
access-list marcus extended permit ip object-group marcus-local 192.168.254.0 255.255.255.0
nat (inside,outside) source static marcus-local marcus-local destination static marcus-remote marcus-remote

The tunnel configuration is crypto map 1150.


Currently, the local network on the Draytek VPN tunnel is set to 192.168.4.0 /24, which NATs to 192.168.254.0 /24 on the ASA. That side of things is working fine. The problem I can see is that it doesn't let me add a second local subnet.

Is there anything I can do on the ASA to allow the LAN 2 traffic to pass through the tunnel?



Assistance would be greatly appreciated.


Thanks

B
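The symptom described in the post (LAN 1 traffic crosses the tunnel, LAN 2 traffic never appears on the ASA) comes down to the traffic selectors on the two ends: a packet is only encrypted by the site router if its source falls inside that tunnel's local subnet, and it is only accepted by the ASA if, after any NAT, it matches an entry in the crypto ACL. The following is an added example that is not part of the post or of either vendor's software; it models both selectors and the static NAT in plain Python so a packet's path can be traced. Only the subnets quoted in the post are used; the members of marcus-local and marcus-remote are not given there, so they are assumed.

```python
from ipaddress import ip_address, ip_network

# Constructed model of the "interesting traffic" selectors, built from the
# subnets in the post. Object-group membership is an assumption:
# marcus-local is taken to be HQ (10.99.0.0/16) and the remote side to be
# the NATted LAN 1 range 192.168.254.0/24, as in the quoted access-list.
ASA_ACL = [(ip_network("10.99.0.0/16"), ip_network("192.168.254.0/24"))]
DRAYTEK_SELECTOR = [(ip_network("192.168.4.0/24"), ip_network("10.99.0.0/16"))]
# Static net-to-net NAT applied to site sources before the ASA sees them.
SITE_NAT = [(ip_network("192.168.4.0/24"), ip_network("192.168.254.0/24"))]

def matches_selector(src, dst, selectors):
    """True when src->dst falls inside any (local, remote) selector pair."""
    src, dst = ip_address(src), ip_address(dst)
    return any(src in local and dst in remote for local, remote in selectors)

def translate(src, site_nat):
    """Apply a static network translation, preserving the host offset."""
    src = ip_address(src)
    for inside, outside in site_nat:
        if src in inside:
            offset = int(src) - int(inside.network_address)
            return ip_address(int(outside.network_address) + offset)
    return src  # no translation configured for this source

def tunnel_path(src, dst, site_selectors, hq_acl, site_nat):
    """Trace a site->HQ packet through both policy checks."""
    if not matches_selector(src, dst, site_selectors):
        return "not encrypted by site: no local subnet covers the source"
    translated = translate(src, site_nat)
    # The ASA ACL is written from HQ's view: local = HQ, remote = site.
    if not matches_selector(dst, translated, hq_acl):
        return f"dropped by ASA: no crypto ACL entry for {translated}"
    return "forwarded"

def lan2_after_adding_selectors():
    """Assumed fix: LAN 2 added as a second local subnet on the Draytek and a
    matching (unNATted) crypto ACL entry on the ASA."""
    site = DRAYTEK_SELECTOR + [(ip_network("10.20.21.0/24"), ip_network("10.99.0.0/16"))]
    hq = ASA_ACL + [(ip_network("10.99.0.0/16"), ip_network("10.20.21.0/24"))]
    return tunnel_path("10.20.21.10", "10.99.0.5", site, hq, SITE_NAT)

if __name__ == "__main__":
    for src in ("192.168.4.10", "10.20.21.10"):
        print(src, "->", tunnel_path(src, "10.99.0.5", DRAYTEK_SELECTOR, ASA_ACL, SITE_NAT))
    print("LAN 2 with both selectors added ->", lan2_after_adding_selectors())
```

Run as-is, the trace shows LAN 1 traffic forwarded and LAN 2 traffic rejected before it is ever encrypted, which matches the observation that nothing for LAN 2 reaches the ASA.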
