Multiple networks across VPN

Phil Bradley
Level 4

I have a site-to-site VPN configured between an ASA 5516-X and a Cisco 819 router, and I am having issues tunneling multiple networks. When I attempt to do this, it only establishes the network on the first access list line on the router. I am using object groups on the ASA and regular host statements on the router, since object groups are not permitted on crypto maps on the router. Here is an example:

Router

crypto map test 10 ipsec-isakmp
 match address 110

access-list 110 permit ip 192.168.1.0 0.0.0.255 host 10.40.0.5
access-list 110 permit ip 192.168.1.0 0.0.0.255 host 10.41.0.5

When I use this I can only access the IP on the first line (10.40.0.5) and not the second one. Am I missing something? The ASA has this:

crypto map outside_map 1 match address outside_cryptomap

access-list outside_cryptomap extended permit ip object-group DM_INLINE_NETWORK_2 object Remote_Network

object-group network DM_INLINE_NETWORK_2
 network-object object Test1
 network-object object Test2

object network Test1
 host 10.41.0.5
object network Test2
 host 10.40.0.5

8 Replies

Phil Bradley
Level 4

Maybe I need multiple tunnels to accomplish this?