cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

329
Views
0
Helpful
7
Replies
Beginner

tunnel

hi , i have a situation. i am using vpn thats a different pool of network. (15.x.x.x) i tunneled it to the network which is regular lan network( 192.x.x.x).but there is a different vpn site to site which is a different address.(172.x.x.x) So , the problem is when i vpn , i am not able to reach the  other site to site vpn(172.x.x.x). what can be the solution? please advise. 

7 REPLIES 7
VIP Advocate

Re: tunnel

What VPN gateway device is this? IF you are using split tunneling, add the 172.x.x.x to your split tunnel list. Also, for your Site to Site tunnel, you will need to add the VPN pool network in the crypto ACL on both sides. Share the config to this thread if possible. 

Beginner

Re: tunnel

its cisco asdm 5512. in the split tunneling. there are 3 options.
1) split the network tunnel below
2) split all the networks
3) exclude the network below

if i add the 192.x.x.x i am not able to reach 172.x.x.x and if use split all networks below . it will reach 172.x.x.x but there will be no internet.

Re: tunnel

Hi,

 

Steps to perform at (192.x.x.x) device
1. Add (15.x.x.x) to Crypto ACL to allow for site to site VPN .
2. Allow access from (15.x.x.x) to (172.x.x.x) in remote access VPN or add (172.x.x.x) to split tunnel.
3. You will also need to add a no-NAT/NAT exemption rule for these two subnets


Steps to perform at (172.x.x.x) device
1. Add (15.x.x.x) to Crypto ACL to allow for site to site VPN .

SD-WAN Specialist
Spooster IT Services
Beginner

Re: tunnel

hi ,
can you please elaborate how to allow access from 15.x.x.x to 172.x.x.xin remote vpn. or add 172.x.x.x to split tunnel . and how to add no NAT/NAT exemption.
because i have asdm 5512. there are 3 options available
1) split the tunnel below
2) split all the networks
3) exclude the network below

if i add the 192.x.x.x i am not able to reach 172.x.x.x and if use split all networks below . it will reach 172.x.x.x but there will be no internet.
VIP Advocate

Re: tunnel

Hi,

Share your current configuration. It will easy for us and you to understand the issue and future required changes in the configurations.

 

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution If this comment will make help you!

Re: tunnel

Hi,

 

Here is the link for site to site VPN configuration using ASDM

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/113486-ikev2-s2s-tunnel-00.html

 

Here is the link for Any-Connect VPN configuration using ASDM

https://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/119006-configure-anyconnect-00.html

 

The above links have all the information regarding your questions, Please go through the docs and let me know if you have further questions.

 

If you need exact required configuration, Please send your current configuration. 

SD-WAN Specialist
Spooster IT Services
Highlighted
Beginner

Re: tunnel

its working now . thank you everyone for your assistance..