03-03-2011 12:14 PM - edited 02-21-2020 05:12 PM
.........................................
Any ideas? ACL changes?
THANKS SO MUCH! =)
- Aaron.
03-10-2011 10:08 AM
Changing the routes on both sides finally solved everything!
On the ASA:
My previous routes were
route outside 10.200.0.0 255.255.0.0 nn.nn.12.129 1
route outside 10.240.4.0 255.255.252.0 nn.nn.12.129 1
This had worked for our previous L2L connection from this ASA to another ASA. The route specified points to the external address of that ASA (Side A). For the ASA-to-Router connection, however, the route had to be changed to the external address of the router (Side B):
route outside 10.240.4.0 255.255.252.0 nn.nn.244.210 1
route outside 10.240.8.0 255.255.252.0 nn.nn.244.210 1
On the router side (Side B), the routes for the internal subnets on Side A also had to be pointed to the external address of the ASA on Side A:
ip route 10.6.4.56 255.255.255.255 nn.nn.12.130
ip route 10.6.4.57 255.255.255.255 nn.nn.12.130
ip route 10.32.244.0 255.255.252.0 nn.nn.12.130
ip route 10.32.248.0 255.255.252.0 nn.nn.12.130
The last change was that somehow the access list NONAT-ACL had become disordered, so that the permit statements were at the start. I corrected the access list to the following:
Extended IP access list NONAT-ACL
30 deny ip 10.240.4.0 0.0.3.255 10.32.244.0 0.0.3.255
40 deny ip 10.240.4.0 0.0.3.255 10.32.248.0 0.0.3.255
50 deny ip 10.240.8.0 0.0.3.255 10.32.244.0 0.0.3.255
60 deny ip 10.240.8.0 0.0.3.255 10.32.248.0 0.0.3.255
70 deny ip 10.240.4.0 0.0.3.255 host 10.6.4.56
80 deny ip 10.240.4.0 0.0.3.255 host 10.6.4.57
90 deny ip 10.240.8.0 0.0.3.255 host 10.6.4.56
100 deny ip 10.240.8.0 0.0.3.255 host 10.6.4.57
110 permit ip 10.240.4.0 0.0.3.255 any
120 permit ip 10.240.8.0 0.0.3.255 any
Connectivity is now functional on both sides!
Thanks everyone for all of your help, and I hope that this can help someone else in the future. =)
- Aaron.
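IOS evaluates an extended ACL top-down and stops at the first matching entry, so in a list like NONAT-ACL a permit placed ahead of the denies matches the site-to-site traffic first. As an added example (not part of the original post), this Python check flags entries that an earlier entry with the opposite action fully covers; it assumes contiguous wildcard masks and `ip` entries only, and the sequence numbers 10 and 20 in the disordered list are constructed.

```python
import ipaddress

def parse_entry(line):
    """Parse '<seq> <action> ip <src> <dst>' into (seq, action, src, dst)."""
    tok = line.split()
    nets, i = [], 3  # tok[2] is the protocol keyword ("ip")
    while i < len(tok):
        if tok[i] == "any":
            net, step = "0.0.0.0/0", 1
        elif tok[i] == "host":
            net, step = tok[i + 1] + "/32", 2
        else:  # address plus wildcard mask; ip_network accepts host masks
            net, step = f"{tok[i]}/{tok[i + 1]}", 2
        nets.append(ipaddress.ip_network(net))
        i += step
    return int(tok[0]), tok[1], nets[0], nets[1]

def shadowed(acl_text):
    """Return [(seq, by_seq)] for entries that can never match because an
    earlier entry with the opposite action already covers all their traffic."""
    entries = [parse_entry(l) for l in acl_text.strip().splitlines()]
    hits = []
    for j, (seq, action, src, dst) in enumerate(entries):
        for pseq, paction, psrc, pdst in entries[:j]:
            if paction != action and src.subnet_of(psrc) and dst.subnet_of(pdst):
                hits.append((seq, pseq))
                break
    return hits

# Deny entries 30-100 as listed in the post's corrected NONAT-ACL.
DENIES = """\
30 deny ip 10.240.4.0 0.0.3.255 10.32.244.0 0.0.3.255
40 deny ip 10.240.4.0 0.0.3.255 10.32.248.0 0.0.3.255
50 deny ip 10.240.8.0 0.0.3.255 10.32.244.0 0.0.3.255
60 deny ip 10.240.8.0 0.0.3.255 10.32.248.0 0.0.3.255
70 deny ip 10.240.4.0 0.0.3.255 host 10.6.4.56
80 deny ip 10.240.4.0 0.0.3.255 host 10.6.4.57
90 deny ip 10.240.8.0 0.0.3.255 host 10.6.4.56
100 deny ip 10.240.8.0 0.0.3.255 host 10.6.4.57
"""
# Corrected order from the post: permits last.
CORRECTED = DENIES + ("110 permit ip 10.240.4.0 0.0.3.255 any\n"
                      "120 permit ip 10.240.8.0 0.0.3.255 any\n")
# Constructed: same permits moved to the start (sequence numbers 10/20 assumed).
DISORDERED = ("10 permit ip 10.240.4.0 0.0.3.255 any\n"
              "20 permit ip 10.240.8.0 0.0.3.255 any\n") + DENIES

if __name__ == "__main__":
    print("corrected: ", shadowed(CORRECTED))
    print("disordered:", shadowed(DISORDERED))
```

With the permits first, every deny is reported as unreachable; with the order from the post, nothing is flagged.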