site-to-site route

balashovmm · ‎08-02-2011

Hello.

I have site-to-site VPN using two ASAs 5505. I can ping between two computers C1 and C2. Now I want to add subnet 192.168.1.0. How do I configure routes on ASA so that I can ping between computers C3 and C2?

Jon Marshall · ‎08-02-2011

You don't configure routes as such, you just need to add the subnet 192.168.1.0/24 to both crypto map access-lists on the ASAs. If you are doing nat exemption on the existing subnets ie. 192.168.2.x and 192.168.3.x then you will also need to setup a nat exemption for the 192.168.1.x subnet.

Jon

balashovmm · ‎08-02-2011

Thank you very much.

Now I can ping between C3 and C2, but I can’t ping form C3 (192.168.1.2) to A2(192.168.3.1).

Jon Marshall · ‎08-02-2011

Just clarify - where is A2 ?

Jon

balashovmm · ‎08-03-2011

I circle A2 on the scheme )

stillanoobin2020 · ‎08-02-2011

This is probably just a security settings issue on A2, either not allowing pings or not allowing pings from the C3 subnet.