Advertisement

07.09.2008 at 07:43AM PDT, ID: 23550433
[x]
Attachment Details
[x]
The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

  • The Grade of the Solution
  • The Zone Rank of the Expert Providing the Solution
  • The Number of Author and Expert Comments
  • The Number of Experts Contributing
  • The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!
9.2

Need Assistance with Routing Traffic from ASA5510 > 2821 Router (DMVPN) > VPN Traffic to Spoke Sites

Asked by chunjo in Network Routers, Virtual Private Networking (VPN), Cisco PIX Firewall

Tags: , , ,

Cisco Guru,

I have project that I'm working on, I want to route all the traffic to the ASA5510.  My goal is to have the 2821 Router (DMVPN) in front of the ASA5510 and be able to route LAN traffic to VPN and back.  When I attempt to do this I'm not able to pass LAN traffic to the router and out to the spoke sites through VPN.  From the ASA to the router I was able to ping but not from any devices inside interface from the LAN.  Currently, I'm using 192.168.0.x /23 which consist of 192.168.0.x and 192.168.1.x.  On the ASA, I thought as long as it was on a different subnet I was able to make it work.  The purpose for doing this project is to support 2 gateways on the ASA.  I can't get the spoke site to see the traffic pass the 2821 router.

This is how I configured the ASA5510 and 2821 Router.

ASA5510 Config
FW(config)# int ethernet 0/2
FW(config-if)# ip address 192.168.191.2 255.255.0.0
FW(config-if)# nameif VPN_TRAFFIC
FW(config-if)# security-level 100
FW(config-if)# no shut

FW(config)# access-l VPN permit ip any any
FW(config)# access-g VPN in interface VPN_TRAFFIC
FW(config)# same-security-traffic permit intra-interface
FW(config)# same-security-traffic permit inter-interface
FW(config)# access-l no_nat permit ip any 192.168.0.0 255.255.0.0
FW(config)# nat (inside) 0 access-l no_nat
FW(config)# route VPN_TRAFFIC 192.168.0.0 255.255.0.0 192.168.192.1

2821 Router Config
2821#config t
2821(config)#ip route 192.168.0.0 255.255.0.0 192.168.192.2

I've added a diagram of the project.  If you need additional information I can provide please let me know.Start Free Trial
Attachments:
 
Slide1.JPG (30 KB) (File Type Details) 
Current Network
Current Network
 
 
Slide2.JPG (32 KB) (File Type Details) 
Proposed Network
Proposed Network
 
 
Keywords: Need Assistance with Routing Traffic f…
Title
1 Cisco PIX  VPN and NAT
2 Cisco ASA interface issues with VPN
3 VPN Help!
4 VPN question
5 CISCO ASA - PC VPN CLIENT CAN'T…
6 IPSec VPN
 
Loading Advertisement...
 
[+][-]07.09.2008 at 12:03PM PDT, ID: 21967117

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]07.09.2008 at 01:08PM PDT, ID: 21967784

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]07.09.2008 at 02:23PM PDT, ID: 21968542

View this solution now by starting your 7-day free trial. Setting up your free trial is quick, easy, and secure. We will return you to this solution, unlocked, when you're done.

 

About this solution

Zones: Network Routers, Virtual Private Networking (VPN), Cisco PIX Firewall
Tags: Cisco, ASA, 5510, ASA5510 need to route traffic to 2821 Router (DMVPN)
Sign Up Now!
Solution Provided By: mabutterfield
Participating Experts: 1
Solution Grade: A
 
 
 
Loading Advertisement...
20080716-EE-VQP-32 / EE_QW_2_20070628