Solved

2nd vlan connected to inside interface of Cisco ASA not connecting over Site to Site tunnel

Posted on 2010-09-14
Last Modified: 2012-05-10
Hello All,

I have a Cisco ASA that has two VLANs connected to it on the inside through trunking. I am trying to get both to route over the Site to Site VPN tunnel. So far the first VLAN, called Baroda, can connect fine over the tunnel, but the second only pings across and does not route TCP or UDP traffic. I am trying to figure out why. Any suggestions?
ASA-with-2-vlans-connected.txt
Question by:greenbeanx81
LVL 5

Expert Comment

by:Ioannis_Avgeros
Check if you're missing any route inside command for that specific vlan.
 

Author Comment

by:greenbeanx81
Would I need route inside for trunking interfaces? The interfaces are on the same network?
 
LVL 11

Expert Comment

by:crouthamela
The config looks good, maybe it is an ACL issue at Acacia?
 
LVL 5

Expert Comment

by:Ioannis_Avgeros
You could try to remove any deny ACLs temporarily and test it.
 
LVL 5

Accepted Solution

by:
Ioannis_Avgeros earned 500 total points
Check this out: It seems similar even though it's not about Site-to-Site and one of your VLANs works and it's just the other one that doesn't. Perhaps if you shared part of your config something might come up.

https://supportforums.cisco.com/message/3014664


22.  Feb 23, 2010 6:54 AM  in response to: Edwin Kok
Re: ASA 5505 Trunk / intervlan routing issue

Just realized that you have an inbound ACL on the inside interface. Can you add the following and try again (clear logging buffer first)? If it is not working, check the log to see if anything is on it.

 

access-list acl_in extended permit icmp any any
