Can a Cisco ASA 5510 ver 8.2, route two subnets on the same VPN tunnel?

gonzo117
Can a Cisco ASA 5510 ver 8.2 route two subnets on the same VPN tunnel? I’m using a Linksys RV016 ver 3.0.0.19 on the other end of the tunnel, with a subnet of 192.168.107.0/24, and would like to route another subnet of 192.168.106.0/24 down the same tunnel. I’ve already got a static route on the Linksys and can ping both subnets on the LAN, but not through the tunnel. I can ping 192.168.107.0/24 down the tunnel, but not 192.168.106.0/24.
Technical Consultant
Commented:
You can route two subnets down the same VPN.
On the ASA, find the access-list that the ASA is using for its crypto map, then simply add a second ACL for the new subnet.
PetesASA# show run crypto map <<<<<<<<<type in this
crypto map outside_map 1 match address VPN-INTERESTING-TRAFFIC <<<< this is what you are looking for
crypto map outside_map 1 set pfs
crypto map outside_map 1 set peer Coniston-SG
crypto map outside_map 1 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
PetesASA#
 
Now do this:
PetesASA# show run access-list VPN-INTERESTING-TRAFFIC
access-list VPN-INTERESTING-TRAFFIC extended permit ip 192.168.1.0 255.255.255.0 192.168.107.0 255.255.255.0
PetesASA#
 
OK, let's add the new one:
PetesASA# conf t
PetesASA(config)# access-list VPN-INTERESTING-TRAFFIC line 2 permit ip 192.168.1.0 255.255.255.0 192.168.106.0 255.255.255.0
Job done :)
 
save with a

PetesASA# write mem
Building configuration...
Cryptochecksum: dd9a74b7 d2b3afb7 b0fca4e7 d53119df
8241 bytes copied in 1.610 secs (8241 bytes/sec)
[OK]
PetesASA#

Author

Commented:
Pete, I implemented your solution but it didn't work.  Should I do something else on the ASA?

You of course have to do the equivalent interesting traffic ACL on the other end of the VPN tunnel. The question is, does the Linksys specify that the subnets behind it are to be encrypted? It may be that the Linksys, in its design to be simple, will only encrypt a tunnel for its attached subnet. Check with the Linksys config and see if you can define VPN parameters such as the IPs to encrypt.
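
The mirrored-ACL requirement described in the comment above, as an added example that is not part of the thread and not Cisco or Linksys code: a Python check that parses the ASA's crypto ACL and lists the subnet pairs for which the peer has no mirrored selector. The peer's selector list is a constructed assumption, since the Linksys configuration is not shown on the page.

```python
import ipaddress
import re

# Matches the network/mask form of crypto ACL entry shown in the thread,
# with or without the optional "line N" and "extended" keywords.
ACE_RE = re.compile(
    r"^access-list\s+(?P<name>\S+)\s+(?:line\s+\d+\s+)?(?:extended\s+)?permit\s+ip\s+"
    r"(?P<src>\S+)\s+(?P<smask>\S+)\s+(?P<dst>\S+)\s+(?P<dmask>\S+)\s*$"
)

def parse_crypto_acl(config_text, acl_name):
    """Return the (local, remote) network pairs the named ACL selects for encryption.

    Raises ValueError if an entry carries a malformed address or mask.
    """
    pairs = []
    for line in config_text.splitlines():
        m = ACE_RE.match(line.strip())
        if m and m["name"] == acl_name:
            local = ipaddress.ip_network(f"{m['src']}/{m['smask']}")
            remote = ipaddress.ip_network(f"{m['dst']}/{m['dmask']}")
            pairs.append((local, remote))
    return pairs

def missing_on_peer(asa_pairs, peer_pairs):
    """ASA selectors with no exact mirror (source and destination swapped) on the peer."""
    # Each peer pair is (peer_local, peer_remote); swap it into the ASA's point of view.
    mirrored = {(peer_remote, peer_local) for peer_local, peer_remote in peer_pairs}
    return [pair for pair in asa_pairs if pair not in mirrored]

# Constructed sample: the ASA ACL from the thread after the second entry is added.
ASA_CONFIG = """\
access-list VPN-INTERESTING-TRAFFIC extended permit ip 192.168.1.0 255.255.255.0 192.168.107.0 255.255.255.0
access-list VPN-INTERESTING-TRAFFIC extended permit ip 192.168.1.0 255.255.255.0 192.168.106.0 255.255.255.0
"""

# Assumed peer state (hypothetical): the remote router only offers its attached subnet.
PEER_SELECTORS = [
    (ipaddress.ip_network("192.168.107.0/24"), ipaddress.ip_network("192.168.1.0/24")),
]

if __name__ == "__main__":
    asa = parse_crypto_acl(ASA_CONFIG, "VPN-INTERESTING-TRAFFIC")
    for local, remote in missing_on_peer(asa, PEER_SELECTORS):
        print(f"peer has no selector for local {remote} -> remote {local}")
```
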
Pete Long
Technical Consultant

Commented:
ThanQ
