Showing results for 
Search instead for 
Did you mean: 

URGENT: issue wth Multiple site-to-site VPN + internet

Hi team,

I have a very urgent request.

I am working on site-to-site VPN between HQ & site 1 and HQ & site 2. (And I am not an expert in ASA)

I was able to establish the 2 tunnels (they appear in the monitoring tab), however:

     - I can only ping from HQ to site 1.

     - I cannot ping from site 1 to HQ.

     - I cannot ping from HQ to site 2.

     - I cannot ping from site 2 to HQ.

     - I don't have internet connectivity in HQ.

So what I need is complete connectivity between the 2 sites and HQ and mainiting the internet connectivity at HQ (and each of the sites, as they will have their seperate internet connections once deployed).

N.B,: All ASAs are currently in the same site and they will be shipped to the their destinations later.

I think that the NAT is the cause of the problem, however when I tried to conigure the NAT, it didn't work out.

In the HQ site, I have 12-14 VLANs.

In the sites 1 & 2, I have 6 VLANs, with the inter-VLAN routing taking place at the Ethernet 0/1 of the ASA. (intervlan routing restrictions not added yet).

HQ ip range: 172.16.59.x and 172.16.60.x (

Site 1 range: 172.16.72.x (

Site 2 range: 172.16.92.x (

You may find attached the configuration of the 3 ASAs.

In the monitoring tab in HQ it shows that:

     - Tunnel to site 1: TX 0 RX 230000

     - Tunnel to site 2: TX 230000 RX 975

All the configuration (except the interVLANs config of site 1 and 2) was done by graphical interface. VPN tunnels were created using the wizard.

Thank you for reading and for your assistance.


Content for Community-Ad