02-07-2024 03:58 AM
This one has me pulling my hair out, as I already have similar ones working.
So we have a site-to-site VPN between a Cisco ASA and AWS. The requirement is for an AnyConnect user to connect to the firewall and then for the tunnel to the Redshift subnet to be brought up.
I have done this before successfully with the source AC subnet and it opens another AWS tunnel OK.
So basically with this one, when I log into the BI-IP-Range AC and RDP to a server in the Redshift subnet, the tunnel does not even attempt to come up.
So for testing I also allowed this from our internal network where the ASA is, and this worked OK.
So I think this has to be either NAT or in the DAP ACL in AC. I currently have the ACL open for src 10.37.0.0/16 to 10.180.128.0/21 all IP, so I don't think it is the ACL.
Below are the NATs. Lines 19 & 20 are the previously working ones, 21 is for the AC to Redshift which is not working, and 22 is the inside LAN to Redshift which is working.
02-07-2024 04:18 AM
Right, me being a numpty. I had not added the new subnet to the split-tunnel route list.
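An added illustration of the failure mode above (not code from the thread or from Cisco): the ASA-side DAP ACL and NAT can be correct, but if the Redshift subnet is missing from the split-tunnel network list the AnyConnect client never sends the RDP packet into the tunnel, so the ASA never sees interesting traffic for the AWS site-to-site VPN. The ACL name SPLIT_TUNNEL, the second 10.50.0.0/16 entry and the host 10.180.130.25 are constructed for the example; 10.37.0.0/16 and 10.180.128.0/21 come from the post.

```python
import ipaddress

# Constructed ASA standard ACL text (hypothetical list name and second entry):
# the split-tunnel list as it was before the fix, and after adding the
# Redshift subnet 10.180.128.0/21 (netmask 255.255.248.0).
SPLIT_TUNNEL_BEFORE = """
access-list SPLIT_TUNNEL standard permit 10.37.0.0 255.255.0.0
access-list SPLIT_TUNNEL standard permit 10.50.0.0 255.255.0.0
"""
SPLIT_TUNNEL_AFTER = SPLIT_TUNNEL_BEFORE + """
access-list SPLIT_TUNNEL standard permit 10.180.128.0 255.255.248.0
"""


def parse_standard_acl(text):
    """Parse ASA standard ACL lines into (action, network) tuples."""
    entries = []
    for line in text.strip().splitlines():
        parts = line.split()
        # Expected shape: access-list NAME standard permit|deny ADDR NETMASK
        if len(parts) != 6 or parts[0] != "access-list" or parts[2] != "standard":
            continue
        action, addr, mask = parts[3], parts[4], parts[5]
        entries.append((action, ipaddress.ip_network(f"{addr}/{mask}", strict=False)))
    return entries


def goes_through_vpn(acl_text, destination):
    """First-match evaluation of a split-tunnel list for one destination.

    Returns True when the client would send the packet into the AnyConnect
    tunnel and False when it stays on the local, untunnelled path. With a
    'tunnelspecified' policy anything that matches no entry stays local.
    """
    dst = ipaddress.ip_address(destination)
    for action, net in parse_standard_acl(acl_text):
        if dst in net:
            return action == "permit"
    return False


if __name__ == "__main__":
    redshift_host = "10.180.130.25"  # constructed host inside 10.180.128.0/21
    print(goes_through_vpn(SPLIT_TUNNEL_BEFORE, redshift_host))  # False
    print(goes_through_vpn(SPLIT_TUNNEL_AFTER, redshift_host))   # True
```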
02-07-2024 04:19 AM
So, now it is working? Or any other problems to solve?
02-07-2024 04:33 AM
Yes thanks, all working now.