I have got two sites configured for site-to-site VPN on ASA 5505. Site A has expanded and created two more VLANs, but Site B can't access those new subnets. What could I do to make sure both sites' subnets/VLANs can talk to each other?
It would give me the whole config. Is there a command that shows me only the site-to-site VPN stuff? It would make it easy for me to take that portion and edit it.
Well, deactivate proxy-arp for that identity NAT. As the warning mentions, it's typically not needed.
I have added the new subnet and saved the config. I am still unable to ping from the new subnet. Do I need to add it to both ASAs?
Yes, both ASAs need to know that this traffic should not be translated.
What does packet-tracer tell you for that traffic?
AOA Mohammed Yusuf. Hopefully this finds you well.
Well bro, Karsten Iwen said you have to check TWO things.
1. Add the new VLAN subnets to the crypto ACLs. Navigation via ASDM:
Configuration > Site-to-Site VPN > Advanced > Crypto Maps
Select the Traffic Selection tab.
Define the interesting traffic ACL as follows: (You are defining the crypto ACL)
• Network Type: IPv4
• Action: Protect
• Source: 10.10.0.0/16 (Here you can add your new subnets)
• Destination: 10.20.10.0/24
• Service: ip
2. In twice NAT, exclude these new subnets from the NAT process.
Look for twice NAT.
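The two checks above as ASA CLI for both peers (8.3+ NAT syntax), added here as an illustration and not taken from any poster's configuration; the `show` commands at the end print only the VPN-related parts of the running config. Object names, ACL names, the `inside`/`outside` interface names and the 10.10.x.0/24 VLAN subnets are assumptions; only 10.20.10.0/24 and the 10.10.0.0/16 range come from the thread.

```cisco
! --- Site A ASA (the site that added VLANs) ---
! Constructed names and subnets: replace with your own.
! The last two network-objects stand for the newly added VLANs.
object-group network SITE-A-LOCAL
 network-object 10.10.10.0 255.255.255.0
 network-object 10.10.20.0 255.255.255.0
 network-object 10.10.30.0 255.255.255.0
object network SITE-B-LAN
 subnet 10.20.10.0 255.255.255.0

! Crypto ACL (interesting traffic): list specific subnets, not "any".
! Assumes the existing crypto map entry already matches on VPN-TO-B.
access-list VPN-TO-B extended permit ip object-group SITE-A-LOCAL object SITE-B-LAN

! Identity (twice) NAT so tunnel traffic is not translated.
! no-proxy-arp: the ASA does not answer ARP for the exempted ranges.
nat (inside,outside) source static SITE-A-LOCAL SITE-A-LOCAL destination static SITE-B-LAN SITE-B-LAN no-proxy-arp route-lookup

! --- Site B ASA: exact mirror of Site A ---
object network SITE-B-LAN
 subnet 10.20.10.0 255.255.255.0
object-group network SITE-A-LOCAL
 network-object 10.10.10.0 255.255.255.0
 network-object 10.10.20.0 255.255.255.0
 network-object 10.10.30.0 255.255.255.0
access-list VPN-TO-A extended permit ip object SITE-B-LAN object-group SITE-A-LOCAL
nat (inside,outside) source static SITE-B-LAN SITE-B-LAN destination static SITE-A-LOCAL SITE-A-LOCAL no-proxy-arp route-lookup

! --- Checks (run on Site A) ---
! Show only the VPN-related parts of the running config.
show running-config crypto map
show running-config access-list VPN-TO-B
show running-config nat

! Simulate a ping from a host in a new VLAN to Site B.
! Expect the NAT phase to hit the identity rule and a VPN/encrypt phase.
packet-tracer input inside icmp 10.10.20.10 8 0 10.20.10.10 detailed

! After real traffic, encaps/decaps counters should rise for the new subnet pair.
show crypto ipsec sa
```

If the crypto ACLs on the two peers are not mirror images, the IPsec SA for the new subnets will not come up even when NAT exemption is correct on both sides.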
I followed your instructions, and I would say they are very good instructions. I clicked on the destination tab, added the new subnet in it, and clicked Apply. It took about 1 minute and came up with an error.
ASDM is unable to send the command, resend it. I kind of thought I may be doing something wrong?