Routing traffic across site to site tunnel

ronfpatron · ‎10-18-2013

Here is the scenario: US ASA 5510/switch 3560, Singapore ASA 5515/switch 3570

US site 10.254.0.0/16

mpls router 10.254.18.14 vlan18

server 172.31.52.110

Singapore site 10.253.0.0/16

workstation 10.253.28.0/24 valn28

Site to site tunnel is up and running and i can ping to all vlans at both sites. 10.253.28.100 can ping 10.254.18.14.

I have a mpls router on the US site inside interface 10.254.18.14 that allows me to access a server at 172.31.52.110 at the other side of the mpls router.

If i add ip route 172.31.52.110 255.255.255.255 10.254.18.14 on the default router in singapore and run a ping to 172.31.52.110 the traffic never goes accross the tunnel, but goes directly to the internet.

Below are my trace commands from the singapore 3570 switch

Need some help on this.

Mariusz Bochen · ‎10-18-2013

Hi,

My guess would be no-nat statement, but difficult to say without seeing configs.

Regards

Mariusz

ronfpatron · ‎10-18-2013

What exactly would you need see?

Mariusz Bochen · ‎10-18-2013

NoNAT statement on the Singapore ASA.

Also which version of IOS have you got?

The best option is to post whole firewall configs so we can see exactly how it's configured and help you to correct it if needed (obviously without real external IPs, domain names etc.)

ronfpatron · ‎10-21-2013

So you were correct i had to add a the 172.31.0.0 network to both sides of the tunnel, and a NAT and we were able to get the traffic from singapore through the tunnel successfully. thanks.

Mariusz Bochen · ‎10-21-2013

I am glad you've resolve it.

Thanks for letting me know

Can you mark this as solved then please ?

Regards

Mariusz