
Site to site VPN : adding new networks


I have a S2S VPN setup between a pair of ASAs (5510 and 5505) both running latest. Works fine and connects 3 local vLANs to the remote site, which has one /24 subnet. When I try and add a fourth local subnet it takes it but I can't get it to pass traffic to/from the new subnet.

Any ideas what I am missing?

More details:


Core Switch (juniper)

     vLAN 10   Handled by the Juniper; DEF GW x.x.x.254 (works)

     default vLAN (works)

     PCI vLAN  Handled by the ASA 5505  (works)

     vLAN 20     Handled by the Juniper; DEF GW x.x.x.254 (recently added, does not work)


     Local network

I have added vLAN 20 as a remote network on the 5505 and as a local network on the 5510. Applied, broke the connection and re-applied it.

When I ping from the 20 vLAN I get destination cannot be reached from an ISP upstream router and when I tracert, I get DEF GW, ASA's next Hop to the internet and one hop farther out where I get an unreachable message from that (3 hops and a fourth 'hop' that says it cannot reach).

When I ping from vLAN 10 it returns a ping. When I tracert it hits the vLAN Def GW, and then directly to the server I am trying to ping in the remote location (two hops).

I can ping all things local from the 10 & 20 vLANs and get out to the internet fine.

Any help appreciated.

1 Accepted Solution
