Solved

Routing changes

Posted on 2009-05-12
2
226 Views
Last Modified: 2012-05-06
Hi All,

We currently have a working VPN using the following setup

10.100.0.0 -> Cisco ASA <INTERNET> Cisco 877 -> 10.200.0.0

and need to add a new subnet at each site of 10.101.0.0 and 10.201.0.0 respectivley.

Is it possible to configure this on the ASA & Cisco 877, if so does anyone have any sample configuration?

Thanks
0
Comment
Question by:Compaq_Engineer
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
2 Comments
 
LVL 43

Expert Comment

by:JFrederick29
ID: 24363695
You simply need to add additional entries to the crypto access-list on each side.

On the ASA side:

access-list <name> extended permit 10.100.0.0 255.255.0.0 10.200.0.0 255.255.0.0   <--already exists
access-list <name> extended permit 10.100.0.0 255.255.0.0 10.201.0.0 255.255.0.0
access-list <name> extended permit 10.101.0.0 255.255.0.0 10.200.0.0 255.255.0.0
access-list <name> extended permit 10.101.0.0 255.255.0.0 10.201.0.0 255.255.0.0

On the 877 side:

access-list <name> extended permit 10.200.0.0 255.255.0.0 10.100.0.0 255.255.0.0  <--already exists
access-list <name> extended permit 10.200.0.0 255.255.0.0 10.101.0.0 255.255.0.0
access-list <name> extended permit 10.201.0.0 255.255.0.0 10.100.0.0 255.255.0.0
access-list <name> extended permit 10.201.0.0 255.255.0.0 10.101.0.0 255.255.0.0
0
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 500 total points
ID: 24363704
Copy/paste error:

You simply need to add additional entries to the crypto access-list on each side.

On the ASA side:

access-list <name> extended permit 10.100.0.0 255.255.0.0 10.200.0.0 255.255.0.0   <--already exists
access-list <name> extended permit 10.100.0.0 255.255.0.0 10.201.0.0 255.255.0.0
access-list <name> extended permit 10.101.0.0 255.255.0.0 10.200.0.0 255.255.0.0
access-list <name> extended permit 10.101.0.0 255.255.0.0 10.201.0.0 255.255.0.0

On the 877 side:

ip access-list ext <name or number>
permit 10.200.0.0 255.255.0.0 10.100.0.0 255.255.0.0  <--already exists
permit 10.200.0.0 255.255.0.0 10.101.0.0 255.255.0.0
permit 10.201.0.0 255.255.0.0 10.100.0.0 255.255.0.0
permit 10.201.0.0 255.255.0.0 10.101.0.0 255.255.0.0
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In the hope of saving someone else's sanity... About a year ago we bought a Cisco 1921 router with two ADSL/VDSL EHWIC cards to load balance local network traffic over the two broadband lines we have, but we couldn't get the routing to work consi…
In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question