Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
671
Views
0
Helpful
3
Replies

Site to site VPN : adding new networks

Go to solution
LMADAdmin
Beginner
Beginner

‎05-06-2011 11:36 AM

I have a S2S VPN setup between a pair of ASAs (5510 and 5505) both running latest. Works fine and connects 3 local vLANs to the remote site, which has one /24 subnet. When I try and add a fourth local subnet it takes it but I can't get it to pass traffic to/from the new subnet.

Any ideas what I am misisng?

More details:

5510                              172.100.0.2/22

Core Switch (juniper)       172.100.0.1/22

     vLAN 10 172.100.10.0/24   Handled by the Juniper; DEF GW x.x.x.254 (works)

     default vLAN 172.100.0.0/22 (works)

     PCI vLAN 172.100.50.0/24  Handled by the ASA 5505  (works)

     vLAN 20 172.100.20.0/24     Handled by the Juniper; DEF GW x.x.x.254 (recently added, does not work)

5505                              192.168.100.1/24

     Local network 192.168.100.0/24

I have added vLAN 20 as a remote network on the 5505 and as a local network on the 5510. Applied, broke the connection and re-applied it.

When I ping from the 20 vLAN I get destination cannot be reached from an ISP upstream router and when I tracert, I get DEF GW, ASA's next Hop to the internet and one hop farther out where I get a unreachable message from that (3 hops and a fourth 'hop' that says it cannot reach)

When I ping from vLAN 10 it returns a ping. When I tracert it hits the vLAN Def GW, and then directly to the server I am trying to ping in the remote location (two hops).

I can ping all things local form the 10 & 20 vLANs and get out to the internet fine.

Any help appreciated.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions