06-24-2016 09:22 AM
Hi,
I have got two sites configured for site-to-site VPN on ASA 5505. Site A has expanded and created two more VLANs, but Site B can't access those new subnets. What could I do to make sure both sites' subnets/VLANs could talk to each other?
Thanks,
06-24-2016 10:18 AM
06-24-2016 11:05 AM
No, I am not sure where to start without breaking anything.
New VLANs are working OK and routing fine at site A.
06-25-2016 12:49 AM
Is there a command for ASA where I could copy all the site-to-site config and change the local IP addresses?
Thanks
06-25-2016 01:27 AM
Hi,
Regards,
Aditya
Please rate helpful posts and mark correct answers.
06-25-2016 09:19 AM
Hi Aditya,
It would give me the whole config. Is there a command that only shows me the site-to-site VPN stuff? It would make it easy for me to take that portion and edit it.
Thanks
09-09-2016 01:33 AM
Hi Karsten,
There is a NAT statement, and when I try to add the new subnet I get the following warning.
09-09-2016 01:42 AM
Well, deactivate proxy-arp for that identity NAT. As the warning mentions, it's typically not needed.
09-09-2016 02:22 AM
I have added the new subnet and saved the config. Still, I am unable to ping from the new subnet. Do I need to add it to both ASAs?
09-09-2016 02:37 AM
Yes, both ASAs need to know that this traffic should not be translated.
09-09-2016 02:56 AM
I have added the crypto map entry for the new subnet and the NAT statement on both ASAs, but I am still unable to ping the remote site from the new subnet.
09-09-2016 03:00 AM
What does packet-tracer tell you for that traffic?
09-09-2016 03:10 AM
06-26-2016 12:52 AM
AOA Mohammed Yusuf. Hopefully this finds you well.
Well bro, Karsten Iwen said you have to check TWO things.
1. Add the new VLAN subnets to the crypto ACLs. Navigation via ASDM:
Configuration > Site-to-Site VPN > Advanced > Crypto Maps
Select the Traffic Selection tab.
Define the interesting traffic ACL as follows: (You are defining the crypto ACL)
• Network Type: IPv4
• Action: Protect
• Source: 10.10.0.0/16 (Here you can add your new subnets)
• Destination: 10.20.10.0/24
• Service: ip
Click OK.
Click Apply.
2. In twice NAT, exclude these new subnets from the NAT process.
Look for twice NAT:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa83/asdm63/configuration_guide/config/nat_rules.html
Rate itttt..
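The two changes described in the post above (crypto ACL entry plus twice-NAT exemption, on both ASAs), written as ASA CLI for software 8.3 or later. This is an added example, not part of the original post: the new VLAN subnet 10.10.30.0/24, the host addresses, the object names, the ACL name S2S-CRYPTO and the interface names inside/outside are assumptions, so substitute the names already present in your running config.

```cisco
! --- Exec mode: show only the site-to-site pieces before changing anything ---
show running-config crypto map
show running-config access-list
show running-config nat

! --- Site A ASA, config mode (the site that gained the new VLAN) ---
! 10.10.30.0/24 is a constructed sample subnet; it is assumed to be
! reachable through the "inside" interface.
object network SITEA-NEW-VLAN
 subnet 10.10.30.0 255.255.255.0
object network SITEB-LAN
 subnet 10.20.10.0 255.255.255.0
! Append to the ACL that the existing crypto map entry references
! with "match address" (S2S-CRYPTO is an assumed name).
access-list S2S-CRYPTO extended permit ip object SITEA-NEW-VLAN object SITEB-LAN
! Identity twice NAT so tunnel traffic is not translated; no-proxy-arp
! avoids the proxy-ARP warning discussed in the thread.
nat (inside,outside) source static SITEA-NEW-VLAN SITEA-NEW-VLAN destination static SITEB-LAN SITEB-LAN no-proxy-arp route-lookup

! --- Site B ASA, config mode: exact mirror image ---
object network SITEB-LAN
 subnet 10.20.10.0 255.255.255.0
object network SITEA-NEW-VLAN
 subnet 10.10.30.0 255.255.255.0
access-list S2S-CRYPTO extended permit ip object SITEB-LAN object SITEA-NEW-VLAN
nat (inside,outside) source static SITEB-LAN SITEB-LAN destination static SITEA-NEW-VLAN SITEA-NEW-VLAN no-proxy-arp route-lookup

! --- Exec mode on Site A: verify (host addresses are constructed samples) ---
packet-tracer input inside icmp 10.10.30.10 8 0 10.20.10.10 detailed
show crypto ipsec sa
```

In the packet-tracer output, the NAT phase should match the identity rule and the VPN phase should show the packet being encrypted; a drop at either phase points to the side whose ACL or NAT rule is missing or not mirrored.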
06-27-2016 02:53 AM
Hi Ansar,
I followed your instructions, and I would say they are very good instructions. I clicked on the destination tab, added the new subnet in it, then clicked Apply. It took about 1 minute and came up with an error.
ASDM is unable to send the command, resend it. I kind of thought I may be doing something wrong?
Please advise.
Thanks