Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
904
Views
0
Helpful
2
Replies

Tunnel traffic to a subnet

Go to solution
uvaldememorialhospital
Level 1
Level 1

‎06-27-2012 07:12 AM

We have a site-to-site vpn tunnel that works fine conecting the remote site 192.168.100.x/24 to ours 10.27.x.x/16. We have however added a subnet on our end 172.16.100.x/24 with some serves on it. We would like to tunnel traffic from the remote site to that subnet as well. Behind the ASA (that terminates the tunnel on our end) we also have a router that knows about the different subnets and how to deliver traffic to 172.16.100.x/24 in particular. The router is the default gateway for all devices on our LAN and its' gateway in turn is the inside interface of the ASA.

ASA <---> Router<---> Main LAN (10.27.x.x/16)

                  |

                  |

            172.16.100.x/24

My questions basically is how to approach this and tunnel traffic from the remote site to that new subnet.

My assumtions are that I would have to:

1. Define traffic originating from the remote site - 192.168.100.x to 172.16.100.x as "interesting" on the remote site's router so it gets tunneled.

2. Define a static route on the ASA telling it that traffic to 172.16.100.x should go through our router...or

3. Define a "Tunneled (Default tunnel gateway for VPN traffic)" as our router...

Would appreciate your input on this. Thank you!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
pstebner10
Level 1
Level 1

‎06-27-2012 04:33 PM

You've got it. Just define your interesting traffic on both sides, and make sure that the main ASA has a route to the new subnet. Depending on your setup you may also need to add a an entry to the no-NAT rules on both ASAs for this new traffic.

HTH,

Paul

View solution in original post

0 Helpful
2 Replies 2

Go to solution
pstebner10
Level 1
Level 1

‎06-27-2012 04:33 PM

You've got it. Just define your interesting traffic on both sides, and make sure that the main ASA has a route to the new subnet. Depending on your setup you may also need to add a an entry to the no-NAT rules on both ASAs for this new traffic.

HTH,

Paul

0 Helpful

Go to solution
uvaldememorialhospital
Level 1
Level 1
In response to pstebner10

‎07-02-2012 07:08 AM

Paul,

Worked great. Thanks for the no-NAT reminder!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents