Solved

Routing changes

Posted on 2009-05-12
2
224 Views
Last Modified: 2012-05-06
Hi All,

We currently have a working VPN using the following setup

10.100.0.0 -> Cisco ASA <INTERNET> Cisco 877 -> 10.200.0.0

and need to add a new subnet at each site of 10.101.0.0 and 10.201.0.0 respectivley.

Is it possible to configure this on the ASA & Cisco 877, if so does anyone have any sample configuration?

Thanks
0
Comment
Question by:Compaq_Engineer
  • 2
2 Comments
 
LVL 43

Expert Comment

by:JFrederick29
ID: 24363695
You simply need to add additional entries to the crypto access-list on each side.

On the ASA side:

access-list <name> extended permit 10.100.0.0 255.255.0.0 10.200.0.0 255.255.0.0   <--already exists
access-list <name> extended permit 10.100.0.0 255.255.0.0 10.201.0.0 255.255.0.0
access-list <name> extended permit 10.101.0.0 255.255.0.0 10.200.0.0 255.255.0.0
access-list <name> extended permit 10.101.0.0 255.255.0.0 10.201.0.0 255.255.0.0

On the 877 side:

access-list <name> extended permit 10.200.0.0 255.255.0.0 10.100.0.0 255.255.0.0  <--already exists
access-list <name> extended permit 10.200.0.0 255.255.0.0 10.101.0.0 255.255.0.0
access-list <name> extended permit 10.201.0.0 255.255.0.0 10.100.0.0 255.255.0.0
access-list <name> extended permit 10.201.0.0 255.255.0.0 10.101.0.0 255.255.0.0
0
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 500 total points
ID: 24363704
Copy/paste error:

You simply need to add additional entries to the crypto access-list on each side.

On the ASA side:

access-list <name> extended permit 10.100.0.0 255.255.0.0 10.200.0.0 255.255.0.0   <--already exists
access-list <name> extended permit 10.100.0.0 255.255.0.0 10.201.0.0 255.255.0.0
access-list <name> extended permit 10.101.0.0 255.255.0.0 10.200.0.0 255.255.0.0
access-list <name> extended permit 10.101.0.0 255.255.0.0 10.201.0.0 255.255.0.0

On the 877 side:

ip access-list ext <name or number>
permit 10.200.0.0 255.255.0.0 10.100.0.0 255.255.0.0  <--already exists
permit 10.200.0.0 255.255.0.0 10.101.0.0 255.255.0.0
permit 10.201.0.0 255.255.0.0 10.100.0.0 255.255.0.0
permit 10.201.0.0 255.255.0.0 10.101.0.0 255.255.0.0
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
In the hope of saving someone else's sanity... About a year ago we bought a Cisco 1921 router with two ADSL/VDSL EHWIC cards to load balance local network traffic over the two broadband lines we have, but we couldn't get the routing to work consi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question