ddiazp
asked on
Calling Network Nerds for Friday Fun!
Hi there!!
So for today, I decided to do something for fun... I wanted to establish a Site to Site VPN between 2 ASAs.
Now, this sounds like a routine task for most of you, but here's the catch: My ASAs are running with QEMU and I'm using loopback interfaces to talk to them.
So you're probably thinking to yourself... "What the hell? What's the purpose of this?" Well, let me tell you... there's no purpose; but if you're like me, you don't need one to network! If you feel like this is a waste of time, then I'm sorry I wasted 2 minutes of your life, I'm sure God will forgive me :)
Enough talk. Here's the scoop (attached image)
I have 2 virtual ASAs running 8.0(2) - each one with two working network interfaces, all attached to a dedicated loopback interface on my machine (one for each ASA interface).
ASA A
inside - 10.1.1.1
outside - 11.1.1.1
ASA B
inside - 20.1.1.1
outside - 21.1.1.1
PC
lo1 - 10.1.1.254
lo2 - 11.1.1.254
lo3 - 20.1.1.254
lo4 - 21.1.1.254
First Challenge:
Access lists on ASAs allow pings to come in to the outside interfaces
From ASA A I can ping ALL loopback interfaces
From ASA B I can ping ALL loopback interfaces
PC can ping ALL IP Addresses
BUT
ASA A cannot ping ASA B and vice versa
Question is: according to the routing table on my PC and the ASAs, why isn't the ping working? Is there something I have to do to enable my Windows XP PC to route these packets from one loopback to another? I know in Windows Server you can install RAS, but how do I achieve this in Windows XP?
Before I go crazy with Wireshark and start capturing packets on the ASAs I want to see if someone can come up with a solution.
Lastly, I know all of us have full time jobs and don't have much time left to fiddle around but I'd like to execute this exercise for fun. If you have a few minutes to offer suggestions, feel free. I'll award points to those who offer the best solutions as the exercise matures!
Have Fun!
FridayNightFun.PNG
ASKER CERTIFIED SOLUTION
ASKER
Excellent,
ASKER
Finish up this little lab. Thanks :)