IPSec VPN

Network Pro
Level 1

Hi,

My setup is:

ASA 1 ------------------------------------------------ ASA 2 ---------- Inside LAN SW

  | (10.10.1.2/30)                               10.200.1.1/24        int vlan 200 - 10.200.1.2/24
  |
DMZ SW (10.10.1.1/30)
  |
int vlan 100 - 10.100.1.1/24

I am trying to form a tunnel from 10.100.1.0/24 -> 10.200.1.0/24 (No-NAT).

A point-to-point link exists between ASA 1 and the DMZ SW, which are 10.10.1.2 and 10.10.1.1 respectively. ASA 2 just has 10.200.1.1 and 10.200.1.2.

Do I need to include interesting traffic between 10.200.1.0/24 and 10.10.1.0/30 also?

Can you please post me the basic site-to-site VPN config at both ends, including NAT and any ACLs?

Thanks

JP Miranda Z
Cisco Employee

Hi Network Pro,

Any traffic that is expected to go through the tunnel needs to be part of the interesting traffic. This is a config guide for an L2L:

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/100678-l2l-asa5505-config.html

If you are running 9.x, the no-NAT will be different:

Example:

ASA1

! object names cannot contain spaces on the ASA, so "Inside LAN SW" is written as Inside_LAN_SW
object network dmzsw
 subnet 10.10.1.0 255.255.255.252
object network Inside_LAN_SW
 subnet 10.200.1.0 255.255.255.0
!
! identity (no-NAT) rule for traffic from the DMZ link subnet to the remote LAN
nat (dmzsw,outside) source static dmzsw dmzsw destination static Inside_LAN_SW Inside_LAN_SW no-proxy-arp route-lookup

If you are running version 8.2 or lower, you can use the guide below.

Hope this info helps!!

Rate if helps you!! 

-JP-
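For the 10.100.1.0/24 <-> 10.200.1.0/24 tunnel described in the question, the following is an added example of a minimal IKEv1 site-to-site configuration for both ASAs on 9.x. It is not from this thread or from the linked Cisco guide. It assumes the interface names "outside" and "dmz" on ASA1, "outside" and "inside" on ASA2, and a static route on ASA1 to 10.100.1.0/24 via the DMZ switch; the outside IP addresses, next hops and pre-shared key are not on the page and are shown as placeholders. The crypto ACL deliberately contains only the two LANs: the 10.10.1.0/30 link subnet is not interesting traffic unless hosts on that link themselves need to reach 10.200.1.0/24, in which case it must be added, mirrored, on both ends.

```cisco
! ===== ASA1 =====
! Assumed nameifs: "outside" faces ASA2, "dmz" is 10.10.1.2/30 toward the DMZ switch.
! ASA1 is not directly connected to 10.100.1.0/24, so it needs a route via the DMZ switch.
route dmz 10.100.1.0 255.255.255.0 10.10.1.1
route outside 0.0.0.0 0.0.0.0 <ASA1-NEXT-HOP>
!
object network LOCAL-LAN
 subnet 10.100.1.0 255.255.255.0
object network REMOTE-LAN
 subnet 10.200.1.0 255.255.255.0
!
! Interesting traffic: only the two LANs (10.10.1.0/30 is intentionally not included).
access-list VPN-TO-ASA2 extended permit ip object LOCAL-LAN object REMOTE-LAN
!
! Identity NAT (9.x syntax) so tunnel traffic is never translated; it must match the crypto ACL.
nat (dmz,outside) source static LOCAL-LAN LOCAL-LAN destination static REMOTE-LAN REMOTE-LAN no-proxy-arp route-lookup
!
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 14
 lifetime 86400
crypto ikev1 enable outside
crypto ipsec ikev1 transform-set AES256-SHA esp-aes-256 esp-sha-hmac
!
crypto map OUTSIDE-MAP 10 match address VPN-TO-ASA2
crypto map OUTSIDE-MAP 10 set peer <ASA2-OUTSIDE-IP>
crypto map OUTSIDE-MAP 10 set ikev1 transform-set AES256-SHA
crypto map OUTSIDE-MAP 10 set pfs group14
crypto map OUTSIDE-MAP interface outside
!
tunnel-group <ASA2-OUTSIDE-IP> type ipsec-l2l
tunnel-group <ASA2-OUTSIDE-IP> ipsec-attributes
 ikev1 pre-shared-key <STRONG-SHARED-SECRET>

! ===== ASA2 (mirror image) =====
! Assumed nameifs: "outside" faces ASA1, "inside" is 10.200.1.1/24 (directly connected).
route outside 0.0.0.0 0.0.0.0 <ASA2-NEXT-HOP>
!
object network LOCAL-LAN
 subnet 10.200.1.0 255.255.255.0
object network REMOTE-LAN
 subnet 10.100.1.0 255.255.255.0
!
! Mirror of ASA1's crypto ACL: same two subnets, source and destination swapped.
access-list VPN-TO-ASA1 extended permit ip object LOCAL-LAN object REMOTE-LAN
nat (inside,outside) source static LOCAL-LAN LOCAL-LAN destination static REMOTE-LAN REMOTE-LAN no-proxy-arp route-lookup
!
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 14
 lifetime 86400
crypto ikev1 enable outside
crypto ipsec ikev1 transform-set AES256-SHA esp-aes-256 esp-sha-hmac
!
crypto map OUTSIDE-MAP 10 match address VPN-TO-ASA1
crypto map OUTSIDE-MAP 10 set peer <ASA1-OUTSIDE-IP>
crypto map OUTSIDE-MAP 10 set ikev1 transform-set AES256-SHA
crypto map OUTSIDE-MAP 10 set pfs group14
crypto map OUTSIDE-MAP interface outside
!
tunnel-group <ASA1-OUTSIDE-IP> type ipsec-l2l
tunnel-group <ASA1-OUTSIDE-IP> ipsec-attributes
 ikev1 pre-shared-key <STRONG-SHARED-SECRET>
```

Once applied, confirm on ASA1 that a LAN-to-LAN flow is exempted from NAT and encrypted rather than routed in the clear with `packet-tracer input dmz tcp 10.100.1.10 12345 10.200.1.10 80` (the NAT phase should show the identity rule and the VPN phase should be ALLOW), then check `show crypto ikev1 sa` and `show crypto ipsec sa` for the SA and its encaps/decaps counters. If the /30 link subnet is added to the crypto ACL later, the identity NAT rule and the peer's ACL have to be extended in the same way, or the extra traffic will either be translated or dropped by the far end as a proxy-identity mismatch.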