I have a site-to-site VPN configured between an ASA 5516-X and a Cisco 819 router, and I am having issues tunneling multiple networks. When I attempt to do this, it only establishes the network on the first access list line on the router. I am using object groups on the ASA and regular host statements on the router, since object groups are not permitted on crypto maps on the router. Here is an example:
Router
crypto map test 10 ipsec-isakmp
 match address 110
access-list 110 permit ip 192.168.1.0 0.0.0.255 host 10.40.0.5
access-list 110 permit ip 192.168.1.0 0.0.0.255 host 10.41.0.5
When I use this, I can only access the IP on the first line (10.40.0.5) and not the second one. Am I missing something? The ASA has this:
crypto map outside_map 1 match address outside_cryptomap
access-list outside_cryptomap extended permit ip object-group DM_INLINE_NETWORK_2 object Remote_Network
object-group network DM_INLINE_NETWORK_2
 network-object object Test1
 network-object object Test2
object network Test1
 host 10.41.0.5
object network Test2
 host 10.40.0.5