Calling Network Nerds for Friday Fun!

Hi there!!

So for today, I decided to do something for fun,.. I wanted to establish a Site to Site VPN between 2 ASAs.

Now, this sounds like a routine task for most of you, but here's the catch: My ASAs are running with QEmu and I'm using loopback interfaces to talk to them.

So you're probably thinking to yourself.. "What the hell? What's the purpose of this"? well, let me tell you.. there's no purpose; but if you're like me, you don't need one to network! If you feel like this is a waste of time, then I'm sorry I wasted 2 minutes of your life, I'm sure god will forgive me :)

Enough talk. Here's the scoop (attached image)

I have 2 virtual ASAs running 8.0(2) - each one with two working network interfaces, all attached to a dedicated loopback interface on my machine (one for each ASA interface).


ASA A
inside - 10.1.1.1
outside - 11.1.1.1

ASA B
inside - 20.1.1.1
outside - 21.1.1.1

PC
lo1 - 10.1.1.254
lo2 - 11.1.1.254
lo3 - 20.1.1.254
lo4 - 21.1.1.254


First Challenge:

Access lists on ASAs allow pings to come in to the outside interfaces
From ASA A I can ping ALL loopback interfaces
From ASA B I can ping ALL loopback interfaces
PC can ping ALL IP Addresses

BUT

ASA A cannot ping ASA B and vice versa

Question is; according to the routing table on my PC and the ASAs, why isn't the ping working? Is there something I have to do to enable my Windows XP PC to route these packets from one loopback to another? I know in Windows Server you can have install RAS but how do i achieve this in windows XP?


Before I go crazy with wireshark and start capturing packets on the ASAs I want to see if someone can come up with a solution.

Lastly, I know all of us have full time jobs and don't have much time left to fiddle around but I'd like to execute this exercise for fun. If you have few minutes to offer suggestions, feel free. I'll award points to those who offer the best solutions as the exercise matures!


Have Fun!



FridayNightFun.PNG
LVL 10
ddiazpAsked:
Who is Participating?
 
kuohConnect With a Mentor Commented:
Try making the following change in the PC registry and reboot.

HKEY_LOCAL_MACHINE \SYSTEM\CurrentControlSet\Services\Tcpip \Parameters
"IPEnableRouter" = "1"
0
 
ddiazpAuthor Commented:
That worked and allowed mento
Finish up this little lab. Thanks :)
0
 
ddiazpAuthor Commented:
Excellent,
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.