Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
1778
Views
0
Helpful
7
Replies

tunnel

atulpal singh
Level 1
Level 1

ā€Ž06-21-2019 05:51 AM

hi , i have a situation. i am using vpn thats a different pool of network. (15.x.x.x) i tunneled it to the network which is regular lan network( 192.x.x.x).but there is a different vpn site to site which is a different address.(172.x.x.x) So , the problem is when i vpn , i am not able to reach the  other site to site vpn(172.x.x.x). what can be the solution? please advise. 

Labels:
0 Helpful
7 Replies 7

Rahul Govindan
VIP Alumni
VIP Alumni

ā€Ž06-21-2019 06:14 AM

What VPN gateway device is this? IF you are using split tunneling, add the 172.x.x.x to your split tunnel list. Also, for your Site to Site tunnel, you will need to add the VPN pool network in the crypto ACL on both sides. Share the config to this thread if possible. 

0 Helpful

atulpal singh
Level 1
Level 1
In response to Rahul Govindan

ā€Ž06-23-2019 03:40 PM

its cisco asdm 5512. in the split tunneling. there are 3 options.
1) split the network tunnel below
2) split all the networks
3) exclude the network below

if i add the 192.x.x.x i am not able to reach 172.x.x.x and if use split all networks below . it will reach 172.x.x.x but there will be no internet.
0 Helpful

Spooster IT Services
Level 7
Level 7

ā€Ž06-21-2019 07:19 AM

Hi,

 

Steps to perform at (192.x.x.x) device
1. Add (15.x.x.x) to Crypto ACL to allow for site to site VPN .
2. Allow access from (15.x.x.x) to (172.x.x.x) in remote access VPN or add (172.x.x.x) to split tunnel.
3. You will also need to add a no-NAT/NAT exemption rule for these two subnets


Steps to perform at (172.x.x.x) device
1. Add (15.x.x.x) to Crypto ACL to allow for site to site VPN .

Spooster IT Services Team
0 Helpful

atulpal singh
Level 1
Level 1
In response to Spooster IT Services

ā€Ž06-23-2019 03:46 PM

hi ,
can you please elaborate how to allow access from 15.x.x.x to 172.x.x.xin remote vpn. or add 172.x.x.x to split tunnel . and how to add no NAT/NAT exemption.
because i have asdm 5512. there are 3 options available
1) split the tunnel below
2) split all the networks
3) exclude the network below

if i add the 192.x.x.x i am not able to reach 172.x.x.x and if use split all networks below . it will reach 172.x.x.x but there will be no internet.
0 Helpful

Deepak Kumar
VIP Alumni
VIP Alumni
In response to atulpal singh

ā€Ž06-23-2019 11:32 PM

Hi,

Share your current configuration. It will easy for us and you to understand the issue and future required changes in the configurations.

 

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
0 Helpful

Spooster IT Services
Level 7
Level 7
In response to atulpal singh

ā€Ž06-24-2019 07:23 AM - edited ā€Ž06-24-2019 07:25 AM

Hi,

 

Here is the link for site to site VPN configuration using ASDM

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/113486-ikev2-s2s-tunnel-00.html

 

Here is the link for Any-Connect VPN configuration using ASDM

https://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/119006-configure-anyconnect-00.html

 

The above links have all the information regarding your questions, Please go through the docs and let me know if you have further questions.

 

If you need exact required configuration, Please send your current configuration. 

Spooster IT Services Team
0 Helpful

atulpal singh
Level 1
Level 1
In response to Spooster IT Services

ā€Ž06-27-2019 05:23 AM

its working now . thank you everyone for your assistance..
0 Helpful
Customers Also Viewed These Support Documents