Hi everyone, I hope you're all well.
I'm having a few issues with an IPSec tunnel between a Draytek router and a Cisco ASA. The site has two LANs that run alongside each other:
LAN 1 - Main Office LAN 192.168.4.0 /24
LAN 2 - Production LAN 10.20.21.0 /24
At the moment, each network has its own individual IPSec VPN running to Interfin HQ (10.99.0.0 /16). The plan is to remove the tunnel from LAN 2 and push all traffic through the LAN 1 VPN. Both networks can talk to each other internally, so I know the routing is in place already onsite.
The problem is that I cannot seem to get LAN 2 traffic through the main tunnel. LAN 1 uses a Draytek Vigor router. I can see the tunnel is up and can see the traffic on the other end (ASA), but nothing for the LAN 2 traffic. I've attached the ASA config, the key snippets below:
object-group network marcus-remote
object-group network marcus-local
access-list marcus extended permit ip object-group marcus-local 192.168.254.0 255.255.255.0
nat (inside,outside) source static marcus-local marcus-local destination static marcus-remote marcus-remote
tunnel configuration is crypto map 1150
Currently, the local network on the Draytek VPN tunnel is set to 192.168.4.0 /24, which NATs to 192.168.254.0 /24 on the ASA. That side of things is working fine. The problem I can see is that it doesn't let me add a second local subnet.
Is there anything I can do on the ASA to allow the LAN 2 traffic to pass through the tunnel?
Assistance would be greatly appreciated.
Thanks
B
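For readers following this thread, here is what the ASA side of the configuration above looks like once a second remote subnet is covered by the same crypto map. This is an added example, not the poster's config or anything from the attached file; the object name PROD-LAN is made up, marcus-local is assumed to already hold the HQ range, and it assumes the Draytek end proposes 10.20.21.0/24 as a second phase 2 local network (or NATs it into a range listed here), since the ASA cannot add that proxy identity on its own.

```cisco
! Added example, not from the original post or the attached ASA config.
! Assumptions: object name PROD-LAN is invented; marcus-local already contains
! the HQ range 10.99.0.0/16; the Draytek also proposes 10.20.21.0/24 (or NATs
! it into 192.168.254.0/24) - the ASA alone cannot make the peer offer it.
!
! 1. Define the second remote subnet and add it to the existing remote group.
!    192.168.254.0/24 is assumed to be in the group already; re-adding is harmless.
object network PROD-LAN
 subnet 10.20.21.0 255.255.255.0
object-group network marcus-remote
 network-object 192.168.254.0 255.255.255.0
 network-object object PROD-LAN
!
! 2. Crypto ACL: match on the remote group instead of the single hard-coded /24,
!    so the phase 2 proxy identities cover both remote subnets.
!    Note: editing the crypto ACL re-keys the tunnel; do it in a change window.
no access-list marcus extended permit ip object-group marcus-local 192.168.254.0 255.255.255.0
access-list marcus extended permit ip object-group marcus-local object-group marcus-remote
!
! 3. The identity NAT already references marcus-remote, so it now also exempts
!    traffic to 10.20.21.0/24 from the outside NAT rules (unchanged):
nat (inside,outside) source static marcus-local marcus-local destination static marcus-remote marcus-remote
!
! Verification (privileged exec, not config mode): a second SA pair should appear
! for the new proxy identity, and a test flow should be classified as VPN rather
! than dropped by NAT or the crypto ACL.
! show crypto ipsec sa | include local ident|remote ident
! packet-tracer input inside tcp 10.99.0.10 12345 10.20.21.10 443
```

If the peer does not include 10.20.21.0/24 in its phase 2 proposal, `show crypto ipsec sa` will list only the 192.168.254.0/24 identity and LAN 2 traffic will still fail on the ASA side, which is the symptom described in the post.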