I hope someone can help with an IPSec issue I’m currently facing. I’ve attached a fairly basic diagram which highlights the general setup.
We have a Cisco ASA acting as a concentrator in the DC. The remote site network has a Draytek router on which the IPSec tunnel is configured. This is on a leased line.
Draytek - 192.168.4.0/24
ASA - 10.99.0.0/16
All fine so far. The tunnel is up and traffic is passing as expected. Everything is working fine.
Now to the problem...
The remote site has a separate ADSL line with a completely separate subnet (manufacturing devices). Subnet is 10.20.21.0/24. This is configured on a Digi Transport router (router for industrial environments). We have a separate IPSec tunnel on this device to the same ASA as above.
I am trying to route the 10.20.21.0/24 traffic over the leased line VPN without taking down the ADSL link (this router also has two OpenVPN tunnels configured for a third party, so I can’t bring the WAN link down).
I’ve tried static routes on the Digi and the Draytek router but I’m just not having any joy.
Is what I’m trying to do actually possible? I would appreciate any help with this one.
I think Phase 2 is not configured properly, as the source and destination subnets are not allowed in the ACL or not denied in the NAT ACL.
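To make the reply above concrete, here is an illustrative ASA configuration fragment (added to this thread as an example; it is not from the original poster or from any of the routers involved). It shows the two things the reply refers to: the crypto ACL that defines the Phase 2 selectors, and the NAT exemption (identity NAT) that keeps the 10.99.0.0/16 to 10.20.21.0/24 traffic from being translated before it hits the crypto map. The interface names (inside/outside), the crypto map and object names, the transform set and the peer address 203.0.113.10 are placeholders assumed for the example; only the three subnets come from the thread.

```text
! --- ASA (DC concentrator) --- example fragment, names/peer are assumptions ---

! Subnets from the thread
object network DC-LAN
 subnet 10.99.0.0 255.255.0.0
object network REMOTE-LAN
 subnet 192.168.4.0 255.255.255.0
object network REMOTE-MFG
 subnet 10.20.21.0 255.255.255.0

! Both remote subnets must be reachable through the leased-line tunnel,
! so they are grouped as the remote side of one Phase 2 selector set.
object-group network REMOTE-SITE
 network-object object REMOTE-LAN
 network-object object REMOTE-MFG

! Crypto ACL: this is what Phase 2 negotiates. Without REMOTE-MFG in here,
! 10.20.21.0/24 is never "interesting traffic" and never enters the tunnel.
access-list L2L-DRAYTEK extended permit ip object DC-LAN object-group REMOTE-SITE

! NAT exemption (identity twice-NAT). Without this, traffic to 10.20.21.0/24
! can be PATed to the outside address before the crypto map sees it and will
! no longer match the crypto ACL.
nat (inside,outside) source static DC-LAN DC-LAN destination static REMOTE-SITE REMOTE-SITE no-proxy-arp route-lookup

! Crypto map entry for the Draytek peer (203.0.113.10 is a placeholder).
crypto map OUTSIDE-MAP 10 match address L2L-DRAYTEK
crypto map OUTSIDE-MAP 10 set peer 203.0.113.10
crypto map OUTSIDE-MAP 10 set ikev1 transform-set ESP-AES256-SHA
crypto map OUTSIDE-MAP interface outside

! --- Checks ---
! 1. Does the ASA now have a child SA for the new subnet pair?
!    Look for "local ident (10.99.0.0/255.255.0.0)" and
!    "remote ident (10.20.21.0/255.255.255.0)" in:
show crypto ipsec sa peer 203.0.113.10

! 2. Trace a packet to a manufacturing device (Modbus/502 as an example port)
!    and confirm the NAT phase shows the identity rule and the VPN phase
!    shows ENCRYPT rather than the packet leaving the outside interface in clear:
packet-tracer input inside tcp 10.99.1.10 12345 10.20.21.5 502

! 3. Confirm the exemption rule is the one being hit:
show nat detail
```

Two things have to be true on the other end for this to come up at all: the Draytek's Phase 2 (its local network / remote network definition for the tunnel) has to be the mirror image of the ASA crypto ACL, i.e. it must list 10.20.21.0/24 as well as 192.168.4.0/24 as local, because the ASA will reject a proposal whose selectors do not match its ACL line; and the Digi still needs a route for 10.99.0.0/16 pointing at the Draytek's LAN address so that the reply path is symmetric. If `show crypto ipsec sa` shows only the 192.168.4.0/24 pair after the change, Phase 2 for the second subnet was not proposed by the remote side.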