
Multiple local subnets IPSec VPN

Hi everyone

 

I hope someone can help with an IPSec issue I’m currently facing. I’ve attached a fairly basic diagram which highlights the general setup.

 

We have a Cisco ASA acting as a concentrator in the DC. The remote site network has a Draytek router on which the IPSec tunnel is configured. This is on a leased line.

 

Draytek - 192.168.4.0/24
ASA - 10.99.0.0/16

 

All fine so far. The tunnel is up and traffic is passing as expected. Everything is working fine.

 

Now to the problem...

The remote site has a separate ADSL line with a completely separate subnet (manufacturing devices). Subnet is 10.20.21.0/24. This is configured on a Digi Transport router (router for industrial environments). We have a separate IPSec tunnel on this device to the same ASA as above.

 

I am trying to route the 10.20.21.0/24 traffic over the leased line VPN without taking down the ADSL link (this router also has two OpenVPN tunnels configured for a third party so I can’t bring the WAN link down).

 

I’ve tried static routes on the Digi and the Draytek router but I’m just not having any joy.

 

Is what I’m trying to do actually possible? I would appreciate any help with this one.

 

Many thanks

VIP Advisor

Re: Multiple local subnets IPSec VPN

Are you including this subnet in crypto ACLs to be part of the SAs?
VIP Engager

Re: Multiple local subnets IPSec VPN

Hi,

I think Phase 2 is not configured properly, as the source and destination subnet is not allowed in the ACL or not denied in the NAT ACL.

 

Regards,
Deepak Kumar,
Resume duty after a long holiday
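
Added example, not part of the thread and not code from any participant: a small Python model of the three checks the replies point at for the leased-line tunnel (the ASA crypto ACL, the mirrored selectors on the Draytek, and the NAT exemption on the ASA). The subnets are the ones from the post; the host addresses, the selector tables and the function names are constructed for illustration.

```python
import ipaddress as ip

# Constructed selector tables using the subnets from the post. Each entry is
# (local subnet, remote subnet) as seen from the device that owns the table.
ASA_ACL = [("10.99.0.0/16", "192.168.4.0/24")]
DRAYTEK_ACL = [("192.168.4.0/24", "10.99.0.0/16")]
ASA_NAT_EXEMPT = [("10.99.0.0/16", "192.168.4.0/24")]


def _nets(pairs):
    return [(ip.ip_network(a), ip.ip_network(b)) for a, b in pairs]


def covers(pairs, src, dst):
    """True if some (local, remote) pair contains src and dst respectively."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    return any(s in a and d in b for a, b in _nets(pairs))


def diagnose(src, dst, asa_acl, peer_acl, nat_exempt):
    """Check a flow from a DC host (src) to a remote-site host (dst)."""
    problems = []
    if not covers(asa_acl, src, dst):
        problems.append("ASA crypto ACL does not match the flow")
    # The peer sees the same flow reversed: its local side is our remote side.
    if not covers(peer_acl, dst, src):
        problems.append("peer selectors do not mirror the flow")
    # Without an exemption the source is translated before the crypto ACL
    # is evaluated, so the packet no longer matches the selectors.
    if not covers(nat_exempt, src, dst):
        problems.append("flow is not exempt from NAT on the ASA")
    return problems


def with_subnet(pairs, local, remote):
    """Return a copy of a selector table with one more (local, remote) pair."""
    return pairs + [(local, remote)]


if __name__ == "__main__":
    dc_host, mfg_host = "10.99.1.10", "10.20.21.50"  # constructed hosts
    print(diagnose(dc_host, mfg_host, ASA_ACL, DRAYTEK_ACL, ASA_NAT_EXEMPT))
    asa = with_subnet(ASA_ACL, "10.99.0.0/16", "10.20.21.0/24")
    peer = with_subnet(DRAYTEK_ACL, "10.20.21.0/24", "10.99.0.0/16")
    nat = with_subnet(ASA_NAT_EXEMPT, "10.99.0.0/16", "10.20.21.0/24")
    print(diagnose(dc_host, mfg_host, asa, peer, nat))
```

The model covers only selector and NAT-exemption matching; routing between the Digi and the Draytek at the remote site is outside what it checks.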