10-05-2016 07:20 AM
This has to be something easy I'm missing. I have a main site with a Cisco ASA 5520 and a remote site with a Cisco ASA 5506. I already have an ezvpn site to site set up with several vlans added. I just tried to add another one and can't get pings to go over the tunnel. My configs are below:
MAIN SITE ASA
object-group network Internal_Networks
network-object 12.1.80.0 255.255.255.0
network-object 12.1.70.0 255.255.255.0
network-object 12.1.60.0 255.255.255.0
object network remote_network_1
subnet 12.4.1.0 255.255.255.0
access-list ezvpn_split extended permit ip object-group Internal_Networks object remote_network_1
group-policy ezvpnpolicy internal
group-policy ezvpnpolicy attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value ezvpn_split
nem enable
username <remote site 1> password <removed>
====================
REMOTE SITE 1 ASA
vpnclient server <ezvpn server IP>
vpnclient mode network-extension-mode
vpnclient nem-st-autoconnect
vpnclient vpngroup <ezvpn group name> password *****
vpnclient username <remote site 1 ezvpn name> password *****
vpnclient enable
PROBLEM: I have the 12.1.80.0 and the 12.1.70.0 subnets pinging to the remote subnet 12.4.1.0 just fine. I added the 12.1.60.0 subnet and can't get it pinging with the 12.4.1.0. What am I missing?
10-05-2016 08:04 AM
Below is my nat entry on the Main ASA:
nat (inside,outside) source static Internal_Networks Internal_Networks destination static remote_network_1 remote_network_1 no-proxy-arp route-lookup
10-05-2016 11:00 AM
I tried removing and re-applying that nat statement; that didn't work. I tried pulling the 12.4.1.0 subnet out of the Internal_Networks and putting it in its own group, applied that to the device, and that didn't work either.
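A consistency check for the configuration quoted in this thread, added here as an example; it is not code from the original post or from Cisco. When a subnet is added to an EZVPN NEM site-to-site setup, the main-site side needs the new pair in both the split-tunnel ACL and the identity (twice) NAT exemption. The script below parses the object-group, object, access-list and nat lines in the thread, expands them to (source, destination) subnet pairs, and reports pairs present in the ACL but not in the NAT exemption (or vice versa). The first constructed sample is the configuration as posted, where 12.1.60.0/24 is present on both sides; the second sample is constructed to show what the report looks like when a subnet was added to the ACL object-group but the NAT statement references a separate group that does not contain it. The regular expressions cover only the line shapes seen in the thread, and the group name Nat_Exempt_Networks in the second sample is an assumption for illustration.

```python
import ipaddress
import re

# Constructed sample 1: the main-site fragments quoted in the thread.
MAIN_ASA_CONFIG = """
object-group network Internal_Networks
 network-object 12.1.80.0 255.255.255.0
 network-object 12.1.70.0 255.255.255.0
 network-object 12.1.60.0 255.255.255.0
object network remote_network_1
 subnet 12.4.1.0 255.255.255.0
access-list ezvpn_split extended permit ip object-group Internal_Networks object remote_network_1
nat (inside,outside) source static Internal_Networks Internal_Networks destination static remote_network_1 remote_network_1 no-proxy-arp route-lookup
"""

# Constructed sample 2 (hypothetical): the NAT exemption references a separate
# group that was never updated with the new 12.1.60.0/24 subnet.
MISMATCHED_CONFIG = """
object-group network Internal_Networks
 network-object 12.1.80.0 255.255.255.0
 network-object 12.1.70.0 255.255.255.0
 network-object 12.1.60.0 255.255.255.0
object-group network Nat_Exempt_Networks
 network-object 12.1.80.0 255.255.255.0
 network-object 12.1.70.0 255.255.255.0
object network remote_network_1
 subnet 12.4.1.0 255.255.255.0
access-list ezvpn_split extended permit ip object-group Internal_Networks object remote_network_1
nat (inside,outside) source static Nat_Exempt_Networks Nat_Exempt_Networks destination static remote_network_1 remote_network_1 no-proxy-arp route-lookup
"""

ACL_RE = re.compile(r"^access-list (\S+) extended permit ip (object-group|object) (\S+) (object-group|object) (\S+)")
NAT_RE = re.compile(r"^nat \(\S+\) source static (\S+) (\S+) destination static (\S+) (\S+)")


def parse_objects(config):
    """Return (groups, objects): name -> list of ip_network, from object-group/object blocks."""
    groups, objects = {}, {}
    current = None  # ("group" | "object", name) while inside a block
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("object-group network "):
            current = ("group", line.split()[2])
            groups[current[1]] = []
        elif line.startswith("object network "):
            current = ("object", line.split()[2])
            objects[current[1]] = []
        elif line.startswith("network-object ") and current and current[0] == "group":
            _, addr, mask = line.split()
            groups[current[1]].append(ipaddress.ip_network(f"{addr}/{mask}"))
        elif line.startswith("subnet ") and current and current[0] == "object":
            _, addr, mask = line.split()
            objects[current[1]].append(ipaddress.ip_network(f"{addr}/{mask}"))
        else:
            current = None  # any other command ends the object block
    return groups, objects


def lookup(name, groups, objects):
    """Resolve a name that may be either an object-group or a network object."""
    return groups.get(name) or objects.get(name) or []


def split_tunnel_pairs(config, acl_name, groups, objects):
    """All (src, dst) subnet pairs permitted by the named split-tunnel ACL."""
    pairs = set()
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if m and m.group(1) == acl_name:
            for src in lookup(m.group(3), groups, objects):
                for dst in lookup(m.group(5), groups, objects):
                    pairs.add((src, dst))
    return pairs


def identity_nat_pairs(config, groups, objects):
    """All (src, dst) subnet pairs covered by identity (real == mapped) twice NAT."""
    pairs = set()
    for line in config.splitlines():
        m = NAT_RE.match(line.strip())
        if not m:
            continue
        real_src, mapped_src, real_dst, mapped_dst = m.groups()
        if real_src != mapped_src or real_dst != mapped_dst:
            continue  # a translating NAT rule, not an exemption
        for src in lookup(real_src, groups, objects):
            for dst in lookup(real_dst, groups, objects):
                pairs.add((src, dst))
    return pairs


def check_coverage(config, acl_name="ezvpn_split"):
    """Report which subnet pairs are in the ACL only, the NAT exemption only, or both."""
    groups, objects = parse_objects(config)
    acl = split_tunnel_pairs(config, acl_name, groups, objects)
    nat = identity_nat_pairs(config, groups, objects)
    key = lambda p: (str(p[0]), str(p[1]))
    return {"acl_only": sorted(acl - nat, key=key),
            "nat_only": sorted(nat - acl, key=key),
            "covered": sorted(acl & nat, key=key)}


def flow_is_covered(config, src_ip, dst_ip, acl_name="ezvpn_split"):
    """For one host pair, return (matches split-tunnel ACL, matches identity NAT)."""
    groups, objects = parse_objects(config)
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    in_acl = any(s in a and d in b for a, b in split_tunnel_pairs(config, acl_name, groups, objects))
    in_nat = any(s in a and d in b for a, b in identity_nat_pairs(config, groups, objects))
    return in_acl, in_nat


if __name__ == "__main__":
    for label, cfg in (("as posted", MAIN_ASA_CONFIG), ("mismatched sample", MISMATCHED_CONFIG)):
        report = check_coverage(cfg)
        print(f"[{label}] ACL-only: {report['acl_only']}  NAT-only: {report['nat_only']}")
        print(f"[{label}] 12.1.60.5 -> 12.4.1.10 (acl, nat): {flow_is_covered(cfg, '12.1.60.5', '12.4.1.10')}")
```

Run against the thread's own lines, the report is empty on both sides, which matches the author's observation that the main-site ACL and NAT already include the new subnet; the check is still worth keeping in a change procedure because a subnet added to the split list but not to the exemption is reported immediately, as the second sample shows. The script does not look at the remote 5506 side, whose inside-network configuration is not quoted in the thread.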