August 29, 2008 09:58pm pdt

1. RobWill 348,183
2. batry_boy 236,734
3. lrmoore 165,453
4. arnold 118,053
5. dpk_wal 72,695
6. mwecom... 67,324
7. ebjers 44,300
8. MrHusy 43,020
9. mkielar 42,800
10. Qlemo 39,883
11. Voltz-dk 35,470
12. Cyclops3... 34,840
13. TechSoEasy 33,389
14. tigermatt 31,325
15. keith_ala... 27,046
16. trinak96 26,315
17. JFrederic... 21,480
18. from_exp 21,275
19. stuknhaw... 20,075
20. rsivanandan 19,950
21. rowansmith 19,875
22. PeteLong 19,175
23. johnb6767 19,122
24. 2PiFL 18,725
25. RPPreacher 17,950

1. RobWill 1,501,076
2. lrmoore 966,196
3. batry_boy 411,444
4. grblades 214,434
5. rsivanandan 148,916
6. dpk_wal 125,695
7. arnold 120,053
8. calvinetter 112,055
9. TechSoEasy 106,468
10. mwecom... 85,124
11. keith_ala... 81,885
12. MrHusy 76,294
13. tim_holman 75,964
14. Cyclops3... 70,785
15. ewtaylor 68,324
16. Voltz-dk 65,570
17. plemieux72 64,143
18. PeteLong 62,031
19. trinak96 61,165
20. nodisco 58,930
21. Qlemo 55,976
22. blin2000 52,944
23. ebjers 49,300
24. magicomm... 46,625
25. poweruse... 45,641

07.09.2008 at 07:43AM PDT, ID: 23550433

	[x] Attachment Details

Need Assistance with Routing Traffic from ASA5510 > 2821 Router (DMVPN) > VPN Traffic to Spoke Sites

Asked by chunjo in Network Routers, Virtual Private Networking (VPN), Cisco PIX Firewall

Tags: Cisco, ASA, 5510, ASA5510 need to route traffic to 2821 Router (DMVPN)

Cisco Guru,

I have project that I'm working on, I want to route all the traffic to the ASA5510. My goal is to have the 2821 Router (DMVPN) in front of the ASA5510 and be able to route LAN traffic to VPN and back. When I attempt to do this I'm not able to pass LAN traffic to the router and out to the spoke sites through VPN. From the ASA to the router I was able to ping but not from any devices inside interface from the LAN. Currently, I'm using 192.168.0.x /23 which consist of 192.168.0.x and 192.168.1.x. On the ASA, I thought as long as it was on a different subnet I was able to make it work. The purpose for doing this project is to support 2 gateways on the ASA. I can't get the spoke site to see the traffic pass the 2821 router.

This is how I configured the ASA5510 and 2821 Router.

ASA5510 Config
FW(config)# int ethernet 0/2
FW(config-if)# ip address 192.168.191.2 255.255.0.0
FW(config-if)# nameif VPN_TRAFFIC
FW(config-if)# security-level 100
FW(config-if)# no shut

FW(config)# access-l VPN permit ip any any
FW(config)# access-g VPN in interface VPN_TRAFFIC
FW(config)# same-security-traffic permit intra-interface
FW(config)# same-security-traffic permit inter-interface
FW(config)# access-l no_nat permit ip any 192.168.0.0 255.255.0.0
FW(config)# nat (inside) 0 access-l no_nat
FW(config)# route VPN_TRAFFIC 192.168.0.0 255.255.0.0 192.168.192.1

2821 Router Config
2821#config t
2821(config)#ip route 192.168.0.0 255.255.0.0 192.168.192.2

I've added a diagram of the project. If you need additional information I can provide please let me know.Start Free Trial

Attachments:

Slide1.JPG (30 KB) (File Type Details)

Current Network

Slide2.JPG (32 KB) (File Type Details)

Proposed Network

Keywords: Need Assistance with Routing Traffic f…

	Title
1	Cisco PIX VPN and NAT
2	Cisco ASA interface issues with VPN
3	VPN Help!
4	VPN question
5	CISCO ASA - PC VPN CLIENT CAN'T…
6	IPSec VPN

Loading Advertisement...

20080716-EE-VQP-32 / EE_QW_2_20070628

Need Assistance with Routing Traffic from ASA5510 > 2821 Router (DMVPN) > VPN Traffic to Spoke Sites

Asked by chunjo in Network Routers, Virtual Private Networking (VPN), Cisco PIX Firewall

Tags: Cisco, ASA, 5510, ASA5510 need to route traffic to 2821 Router (DMVPN)

About this solution