cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
195
Views
0
Helpful
1
Replies

Site-to-site VPN does not work if using completely different subnets

alex_mills
Beginner
Beginner

We have two ASA 5505 devices, each with security plus license. In one case site-to-site VPN does not work, in another it works. The question is why and how to make it work in the first case?

 

Case 1:

Site A - public IP 111.111.111.111, inside range 10.9.1.0/24

Site B - public IP 222.222.222.222, inside range 192.168.15.0/24

I did everything ASA ASDM Site-to-site VPN manual said, Wizard was used on top of a factory reset, no CLI commands at all. I did factory resets and tried again and again, and every time I was coming to pkts encaps: 0 on one site, pkts decaps: 0 on the other.

 

Case 2:

Everything the same, only 10.9.1.0 was replaced with 192.168.25.0.

Site A - public IP 111.111.111.111, inside range 192.168.25.0/24

Site B - public IP 222.222.222.222, inside range 192.168.15.0/24

It started working right after the wizard finished.

 

Why could this be and what should I do to make Case 1 work?

Thanks!!!

1 Reply 1

Could be a wrong or missing NAT-exemption, but that's impossible to prove without seeing the config.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: