06-27-2012 07:12 AM
We have a site-to-site vpn tunnel that works fine connecting the remote site 192.168.100.x/24 to ours 10.27.x.x/16. We have however added a subnet on our end 172.16.100.x/24 with some servers on it. We would like to tunnel traffic from the remote site to that subnet as well. Behind the ASA (that terminates the tunnel on our end) we also have a router that knows about the different subnets and how to deliver traffic to 172.16.100.x/24 in particular. The router is the default gateway for all devices on our LAN and its gateway in turn is the inside interface of the ASA.
ASA <---> Router <---> Main LAN (10.27.x.x/16)
            |
            |
      172.16.100.x/24
My question basically is how to approach this and tunnel traffic from the remote site to that new subnet.
My assumptions are that I would have to:
1. Define traffic originating from the remote site - 192.168.100.x to 172.16.100.x as "interesting" on the remote site's router so it gets tunneled.
2. Define a static route on the ASA telling it that traffic to 172.16.100.x should go through our router...or
3. Define a "Tunneled (Default tunnel gateway for VPN traffic)" as our router...
Would appreciate your input on this. Thank you!
06-27-2012 04:33 PM
You've got it. Just define your interesting traffic on both sides, and make sure that the main ASA has a route to the new subnet. Depending on your setup you may also need to add an entry to the no-NAT rules on both ASAs for this new traffic.
HTH,
Paul
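As an added worked example (not from the thread or either poster), here are the three pieces Paul lists, on the main-site ASA, using the thread's subnets. It assumes ASA 8.3+ NAT syntax (pre-8.3 boxes use `nat (inside) 0 access-list` instead); the ACL and object names are assumed, and `<ROUTER_INSIDE_IP>` / `<REMOTE_PEER_IP>` are placeholders for values the thread does not give.

```cisco
! Main-site ASA (8.3+ syntax assumed). ACL/object names are assumed, not from the thread.
! 1. Add the new subnet to the interesting-traffic ACL already referenced by the
!    existing crypto map entry ("crypto map <name> <seq> match address <acl>").
!    The remote peer needs the mirror-image ACE (source/destination swapped).
access-list VPN-TO-REMOTE extended permit ip 172.16.100.0 255.255.255.0 192.168.100.0 255.255.255.0
!
! 2. Route the decrypted traffic for 172.16.100.0/24 to the LAN router, which
!    knows how to reach that subnet. Without this it would follow the default
!    route back out the outside interface. <ROUTER_INSIDE_IP> is a placeholder.
route inside 172.16.100.0 255.255.255.0 <ROUTER_INSIDE_IP> 1
!
! 3. Exempt the VPN traffic from NAT (identity twice-NAT) so packets keep their
!    real addresses and match this crypto ACL and the peer's.
object network LOCAL-172-NET
 subnet 172.16.100.0 255.255.255.0
object network REMOTE-192-NET
 subnet 192.168.100.0 255.255.255.0
nat (inside,outside) source static LOCAL-172-NET LOCAL-172-NET destination static REMOTE-192-NET REMOTE-192-NET no-proxy-arp route-lookup
!
! Check: confirm the new proxy identity negotiates and the flow is encrypted,
! not NATed or sent out the wrong interface. <REMOTE_PEER_IP> is a placeholder.
! show crypto ipsec sa peer <REMOTE_PEER_IP>
! packet-tracer input inside icmp 172.16.100.10 8 0 192.168.100.10
```

The packet-tracer output should end with a VPN encrypt phase and an ALLOW result; a NAT phase rewriting the source address or an egress interface other than outside means the no-NAT rule or the route is still missing.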
07-02-2012 07:08 AM
Paul,
Worked great. Thanks for the no-NAT reminder!