dpu99

asked on

Route multiple subnets over Cisco ASA 5505 VPN

I've seen questions that have touched on this, but I'm still a little confused. So I'm hoping you can help. :-)

We have two physical locations, both of which are connected using a Cisco ASA 5505 VPN on each side. Works great. On one side we also have a remote-access VPN for a few remote users. These users can access resources on one side of the site-to-site VPN (the side they connect to), but not the other.

Here is what we have:

siteA 192.168.222.0/24 <-- Site2Site VPN --> siteB 192.168.1.0/24
                                                   192.168.2.0/24 <-- RA VPN --> remote users

So users connect to the Cisco ASA 5505 on the siteB side and can access all resources in 192.168.1.0/24. However, they can't access anything on 192.168.222.0/24. It seems to be a routing issue from what I can tell, but I can't find a way to get routing of a second subnet to work over the site-to-site VPN other than the initial subnets you set up in the VPN config.

Ideas?
Kerem ERSOY

You need to:
- Add a static route to the RA VPN box so that it will direct 192.168.222.0/24 traffic to the site2site VPN box.
- Add a static route to the site2site VPN box so that all 192.168.2.0/24 traffic is directed to the RA VPN box.
- If the site2site box is not the default gateway for SiteA hosts, you need to add a static route to direct all 192.168.2.0/24 traffic to the Site2Site 122.168.222.0/24 side interface.

As you will notice, these are all static routes, so you won't need to configure it over the VPN. Just add it to the configuration of the VPN boxes.

Cheers,
K.
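
A way to sanity-check the three static routes listed in the answer above, as an added example that is not part of the original thread: a small longest-prefix-match tracer that walks both the forward and the return path. The box names (`ra-vpn`, `s2s-b`, `s2s-a`, `gw-a`, `isp`) are hypothetical, and the model assumes the siteA tunnel endpoint already sends 192.168.2.0/24 back through the tunnel.

```python
import ipaddress

def next_hop(table, dst):
    """Longest-prefix match: return the next hop for dst, or None."""
    ip = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), hop) for p, hop in table.items()
            if ip in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace(tables, start, dst, max_hops=8):
    """Follow next hops from `start` until a box has dst directly connected."""
    path, node = [start], start
    for _ in range(max_hops):
        hop = next_hop(tables.get(node, {}), dst)
        if hop == "connected":
            return path, True
        if hop is None or hop not in tables:
            # No route, or traffic leaves the modelled network (e.g. to the ISP).
            return path + ([hop] if hop else []), False
        path.append(hop)
        node = hop
    return path, False  # hop limit reached: routing loop

def build_tables(site_a_return_route=True):
    """Constructed route tables for the topology in the question."""
    tables = {
        "ra-vpn": {"192.168.2.0/24": "connected",
                   "192.168.222.0/24": "s2s-b"},      # first route in the answer
        "s2s-b": {"192.168.1.0/24": "connected",
                  "192.168.222.0/24": "s2s-a",        # existing tunnel
                  "192.168.2.0/24": "ra-vpn"},        # second route in the answer
        "s2s-a": {"192.168.222.0/24": "connected",
                  "192.168.1.0/24": "s2s-b",          # existing tunnel
                  "192.168.2.0/24": "s2s-b"},         # assumption, see lead-in
        "gw-a": {"192.168.222.0/24": "connected",     # siteA hosts' default gateway
                 "0.0.0.0/0": "isp"},
    }
    if site_a_return_route:
        tables["gw-a"]["192.168.2.0/24"] = "s2s-a"    # third route in the answer
    return tables

def round_trip(tables):
    """Remote user 192.168.2.10 to siteA host 192.168.222.10, and the reply."""
    forward = trace(tables, "ra-vpn", "192.168.222.10")
    reverse = trace(tables, "gw-a", "192.168.2.10")
    return forward, reverse

if __name__ == "__main__":
    for flag in (True, False):
        print("siteA return route present:", flag, round_trip(build_tables(flag)))
```

With the siteA return route missing, the forward path still completes while the reply follows the default route toward `isp` instead of the tunnel, which is why a one-directional test can look healthy.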
ASKER CERTIFIED SOLUTION
Quori