I have a couple of VPNs but am having issues with certain subnets accessing the remote sites. I've created the below diagram to help explain. If a server is on a subnet on which the ASA firewall (ASA 5510) has an interface, that server can ping the remote server. However, if a server is on any other subnet, it cannot ping the remote site. In the below example, Server 01 is part of the 192.168.10.0/24 subnet, and because the ASA firewall has an interface on this same subnet, that server can ping the remote site. The same goes for the DMZ server, which is connected directly to the firewall on the 192.168.15.0/24 subnet.
All other subnets, such as 192.168.20.0/24, .30.0/24, & .40.0/24 cannot reach the remote site on the other end of the VPN tunnels.
How can I get subnets such as .20, .30, and .40 to be able to reach the remote sites across the VPN?
Thanks for your post. I've reviewed your environment as best I can without configuration files being provided. Just to make referencing things easier, let's call the left firewall "FW-A" and the right firewall "FW-B".
Now, from my understanding, you can access the subnet(s) directly connected to FW-A (192.168.10.0 for example) from the other end of the tunnel but not subnets that have their layer 3 residing on the switch? If this is the case, it is more than likely going to be a routing issue.
Please make sure that FW-A and FW-B both have routes to the subnets hanging off of the layer 3 switch. Also, your access control lists and interesting traffic access control lists for the tunnel will need to match this in order for it to work. If you have any issues knowing the correct commands to use, please attach the full sanitised configuration from each firewall and I'll write some commands tailored to your environment. In this case, please don't forget to let me know the version of ASA you are running. Let me know how you get along, I look forward to hearing back.
Please rate helpful posts and mark correct answers.
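
The routing and interesting-traffic changes described in the answer above, sketched as an added example that is not part of the original thread and not taken from the poster's configuration. The interface names `inside`/`outside`, the layer 3 switch address 192.168.10.254, the remote LAN 10.99.0.0/24, the FW-B gateway 203.0.113.1 and the ACL names `VPN-TO-B`/`VPN-TO-A` are all constructed placeholders; only the 192.168.x.0/24 subnets come from the question.

```cisco
! ===== FW-A (local ASA 5510) =====
! Assumption: the layer 3 switch owns 192.168.20/30/40 and is reachable
! from the ASA at 192.168.10.254 on the interface named "inside".
route inside 192.168.20.0 255.255.255.0 192.168.10.254
route inside 192.168.30.0 255.255.255.0 192.168.10.254
route inside 192.168.40.0 255.255.255.0 192.168.10.254

! Interesting-traffic (crypto) ACL: every local subnet that must use the
! tunnel needs its own entry towards the remote LAN (placeholder 10.99.0.0/24).
access-list VPN-TO-B extended permit ip 192.168.10.0 255.255.255.0 10.99.0.0 255.255.255.0
access-list VPN-TO-B extended permit ip 192.168.20.0 255.255.255.0 10.99.0.0 255.255.255.0
access-list VPN-TO-B extended permit ip 192.168.30.0 255.255.255.0 10.99.0.0 255.255.255.0
access-list VPN-TO-B extended permit ip 192.168.40.0 255.255.255.0 10.99.0.0 255.255.255.0

! ===== FW-B (remote firewall) =====
! FW-B needs a route for the same subnets pointing towards the tunnel peer.
! 203.0.113.1 is a placeholder for FW-B's upstream gateway.
route outside 192.168.20.0 255.255.255.0 203.0.113.1
route outside 192.168.30.0 255.255.255.0 203.0.113.1
route outside 192.168.40.0 255.255.255.0 203.0.113.1

! The crypto ACL on FW-B must be the exact mirror image of VPN-TO-B:
! same networks and masks, source and destination swapped.
access-list VPN-TO-A extended permit ip 10.99.0.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list VPN-TO-A extended permit ip 10.99.0.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list VPN-TO-A extended permit ip 10.99.0.0 255.255.255.0 192.168.30.0 255.255.255.0
access-list VPN-TO-A extended permit ip 10.99.0.0 255.255.255.0 192.168.40.0 255.255.255.0

! ===== Checks on FW-A after the change =====
! Confirm the routes for the switch-side subnets are installed.
show route
! Each local/remote subnet pair should appear as its own IPsec SA once
! traffic has been sent; a missing pair points at a crypto ACL mismatch.
show crypto ipsec sa
! Simulate a ping from a host on 192.168.20.0/24 (host addresses are
! placeholders) and see which phase, if any, drops it.
packet-tracer input inside icmp 192.168.20.10 8 0 10.99.0.10
```

Any interface ACLs on either firewall also have to permit the added subnets, as the answer notes, and the exact syntax for other parts of the tunnel configuration depends on the ASA version in use.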