Moorelock
asked on
Site to Site VPN and routing
Hopefully someone can help me with this as it seems pretty straightforward, but I am brain dead at the moment.
I currently have an L3 switch with several VLANs. Connected to this switch with OSPF running is a router serving a WAN location. Also connected is an ASA 5520 with a site to site VPN tunnel configured. Save for the WAN connection I have done static routes and it didn't seem to work very well when I connected the ASA to the L3 switch via OSPF (I'm sure misconfiguration on my part).
Right now I can ping from the internal interface of my ASA to the other side of the VPN tunnel. I can ping from my remote network on the VPN tunnel to the inside interface on the ASA. There is where my problem begins. I cannot get beyond the inside interface of the ASA. If I put a static route for the remote network on the L3 switch I still cannot ping anything on the remote network.
My question is what would be the best way to get routing from the corporate LAN to the remote network. Should I just configure up OSPF or is there some sort of static routing I can do to get things rolling?
A static route at each site to the other site via the tunnel should be enough. Is the default gateway for the client PCs the L3 switch or the WAN router? If it is the WAN router because that is what has been used in the past, it may be an issue now that you want to get to the other side of the tunnel as well.
ASKER
The L3 switch VLAN interfaces are the gateways for the client PCs. I guess the next hops are where I am slightly confused. Say I have 10.0.0.0 at the main site and 192.168.0.0 at the remote site. ASA internal is 10.0.0.1 and remote internal is 192.168.0.1, these are the next hop addresses I should be using, correct? I'm just wondering if I should be using the L3 switch for next hop at all.
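The static routes suggested in the answer above, written out with the addresses from the asker's follow-up, as an added example that is not part of the original thread or its hidden solution. The /24 masks, the client VLAN 10.0.20.0/24, the switch address 10.0.0.2, the ACL name VPN-TRAFFIC and the test host addresses are assumptions made for illustration.

```cisco
! Added example. Assumed (not from the thread): /24 masks, one client VLAN
! 10.0.20.0/24, 10.0.0.2 as the L3 switch address on the ASA-facing subnet,
! and the ACL name VPN-TRAFFIC.

! --- L3 switch (default gateway for the client VLANs) ---
! A next hop must be a directly connected neighbour: from the switch that is
! the ASA inside interface, not the far end of the tunnel.
ip route 192.168.0.0 255.255.255.0 10.0.0.1

! --- Main-site ASA 5520 ---
! The ASA is directly connected only to 10.0.0.0/24. Without a return route
! for each VLAN behind the switch, replies from the remote site stop at the
! inside interface, which matches the symptom described in the question.
route inside 10.0.20.0 255.255.255.0 10.0.0.2

! The tunnel only encrypts traffic matched by its crypto ACL, so each client
! VLAN has to be listed there (and mirrored on the remote peer), along with
! any NAT exemption already in place for 10.0.0.0/24.
access-list VPN-TRAFFIC extended permit ip 10.0.20.0 255.255.255.0 192.168.0.0 255.255.255.0

! --- Remote site ---
! Hosts that already use 192.168.0.1 as their default gateway need no extra
! route. A separate internal router there would need routes for the main-site
! subnets pointing at 192.168.0.1.

! --- Checks ---
! On the switch: confirm the route is installed.
show ip route 192.168.0.0
! On the ASA: confirm the return route, then trace a client-to-remote packet
! through routing, NAT and VPN policy (host addresses are constructed).
show route
packet-tracer input inside icmp 10.0.20.10 8 0 192.168.0.10
! Encap/decap counters should both increase while a ping is running.
show crypto ipsec sa
```

If the packet-tracer output shows a drop at the NAT or VPN phase rather than at route lookup, the routing is correct and the remaining work is in the crypto ACL or NAT exemption.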