Solved

Routing changes

Posted on 2009-05-12
2
227 Views
Last Modified: 2012-05-06
Hi All,

We currently have a working VPN using the following setup

10.100.0.0 -> Cisco ASA <INTERNET> Cisco 877 -> 10.200.0.0

and need to add a new subnet at each site of 10.101.0.0 and 10.201.0.0 respectivley.

Is it possible to configure this on the ASA & Cisco 877, if so does anyone have any sample configuration?

Thanks
0
Comment
Question by:Compaq_Engineer
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
2 Comments
 
LVL 43

Expert Comment

by:JFrederick29
ID: 24363695
You simply need to add additional entries to the crypto access-list on each side.

On the ASA side:

access-list <name> extended permit 10.100.0.0 255.255.0.0 10.200.0.0 255.255.0.0   <--already exists
access-list <name> extended permit 10.100.0.0 255.255.0.0 10.201.0.0 255.255.0.0
access-list <name> extended permit 10.101.0.0 255.255.0.0 10.200.0.0 255.255.0.0
access-list <name> extended permit 10.101.0.0 255.255.0.0 10.201.0.0 255.255.0.0

On the 877 side:

access-list <name> extended permit 10.200.0.0 255.255.0.0 10.100.0.0 255.255.0.0  <--already exists
access-list <name> extended permit 10.200.0.0 255.255.0.0 10.101.0.0 255.255.0.0
access-list <name> extended permit 10.201.0.0 255.255.0.0 10.100.0.0 255.255.0.0
access-list <name> extended permit 10.201.0.0 255.255.0.0 10.101.0.0 255.255.0.0
0
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 500 total points
ID: 24363704
Copy/paste error:

You simply need to add additional entries to the crypto access-list on each side.

On the ASA side:

access-list <name> extended permit 10.100.0.0 255.255.0.0 10.200.0.0 255.255.0.0   <--already exists
access-list <name> extended permit 10.100.0.0 255.255.0.0 10.201.0.0 255.255.0.0
access-list <name> extended permit 10.101.0.0 255.255.0.0 10.200.0.0 255.255.0.0
access-list <name> extended permit 10.101.0.0 255.255.0.0 10.201.0.0 255.255.0.0

On the 877 side:

ip access-list ext <name or number>
permit 10.200.0.0 255.255.0.0 10.100.0.0 255.255.0.0  <--already exists
permit 10.200.0.0 255.255.0.0 10.101.0.0 255.255.0.0
permit 10.201.0.0 255.255.0.0 10.100.0.0 255.255.0.0
permit 10.201.0.0 255.255.0.0 10.101.0.0 255.255.0.0
0

Featured Post

Building an interactive eFuture classroom

Watch and learn how ATEN provided a total control system solution including seamless switching matrix switch, HDBaseT extenders, PDU, lighting control to build an interactive eFuture classroom.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
Powerful tools can do wonders, but only in the right hands.  Nowhere is this more obvious than with the cloud.
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses
Course of the Month8 days, 19 hours left to enroll

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question