Solved

Calling Network Nerds for Friday Fun!

Posted on 2010-09-15
599 Views
Last Modified: 2012-05-10
Hi there!!

So for today, I decided to do something for fun... I wanted to establish a Site to Site VPN between 2 ASAs.

Now, this sounds like a routine task for most of you, but here's the catch: My ASAs are running with QEmu and I'm using loopback interfaces to talk to them.

So you're probably thinking to yourself... "What the hell? What's the purpose of this?" Well, let me tell you... there's no purpose; but if you're like me, you don't need one to network! If you feel like this is a waste of time, then I'm sorry I wasted 2 minutes of your life, I'm sure god will forgive me :)

Enough talk. Here's the scoop (attached image)

I have 2 virtual ASAs running 8.0(2) - each one with two working network interfaces, all attached to a dedicated loopback interface on my machine (one for each ASA interface).


ASA A
inside - 10.1.1.1
outside - 11.1.1.1

ASA B
inside - 20.1.1.1
outside - 21.1.1.1

PC
lo1 - 10.1.1.254
lo2 - 11.1.1.254
lo3 - 20.1.1.254
lo4 - 21.1.1.254


First Challenge:

Access lists on ASAs allow pings to come in to the outside interfaces
From ASA A I can ping ALL loopback interfaces
From ASA B I can ping ALL loopback interfaces
PC can ping ALL IP Addresses

BUT

ASA A cannot ping ASA B and vice versa

Question is: according to the routing table on my PC and the ASAs, why isn't the ping working? Is there something I have to do to enable my Windows XP PC to route these packets from one loopback to another? I know in Windows Server you can install RAS, but how do I achieve this in Windows XP?


Before I go crazy with Wireshark and start capturing packets on the ASAs I want to see if someone can come up with a solution.

Lastly, I know all of us have full time jobs and don't have much time left to fiddle around but I'd like to execute this exercise for fun. If you have a few minutes to offer suggestions, feel free. I'll award points to those who offer the best solutions as the exercise matures!


Have Fun!



FridayNightFun.PNG
0
Question by:ddiazp
3 Comments
 
LVL 6

Accepted Solution

by:
kuoh earned 500 total points
ID: 33688920
Try making the following change in the PC registry and reboot.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"IPEnableRouter" = "1"
0
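Why the registry change above fixes the ASA-to-ASA ping, as an added example that is not part of the original thread: a small Python model of the PC's forwarding decision with `IPEnableRouter` off and on. The /24 masks, the function names, and the assumption that each ASA uses the PC's loopback as its next hop are not stated in the post.

```python
import ipaddress

# Constructed model of the lab in the question: the PC's four loopback adapters.
PC_INTERFACES = {
    "lo1": "10.1.1.254", "lo2": "11.1.1.254",
    "lo3": "20.1.1.254", "lo4": "21.1.1.254",
}
PREFIX_LEN = 24  # assumption: the post does not give the subnet masks


def pc_handles(dst, ip_enable_router):
    """Return what the PC's IP stack does with a packet it receives for dst."""
    dst_ip = ipaddress.ip_address(dst)
    local = {ipaddress.ip_address(a) for a in PC_INTERFACES.values()}
    if dst_ip in local:
        return "deliver-local"            # addressed to the PC itself
    if not ip_enable_router:
        return "drop"                     # a plain host does not forward transit traffic
    for name, addr in PC_INTERFACES.items():
        net = ipaddress.ip_network(f"{addr}/{PREFIX_LEN}", strict=False)
        if dst_ip in net:
            return f"forward-via-{name}"  # connected route out of that adapter
    return "drop"                         # forwarding enabled, but no matching route


def asa_ping(src, dst, ip_enable_router):
    """True if the ASA at src would get an echo reply from dst via the PC."""
    if pc_handles(dst, ip_enable_router) == "deliver-local":
        return True  # the PC replies itself; locally originated traffic needs no forwarding
    # Transit case: the echo request and the echo reply must both be forwarded.
    return all(pc_handles(d, ip_enable_router).startswith("forward")
               for d in (dst, src))


if __name__ == "__main__":
    for flag in (False, True):
        print(f"IPEnableRouter={int(flag)}")
        print("  ASA A outside -> PC lo4       :", asa_ping("11.1.1.1", "21.1.1.254", flag))
        print("  ASA A outside -> ASA B outside:", asa_ping("11.1.1.1", "21.1.1.1", flag))
```

With the flag off, the model answers for the PC's own addresses but drops ASA-to-ASA packets, which matches the symptoms listed in the question.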
 
LVL 10

Author Comment

by:ddiazp
ID: 33707536
That worked and allowed me to finish up this little lab. Thanks :)
0
 
LVL 10

Author Closing Comment

by:ddiazp
ID: 33707541
Excellent,
0


Question has a verified solution.
