So for today, I decided to do something for fun. I wanted to establish a Site to Site VPN between 2 ASAs.
Now, this sounds like a routine task for most of you, but here's the catch: my ASAs are running with QEMU and I'm using loopback interfaces to talk to them.
So you're probably thinking to yourself, "What the hell? What's the purpose of this?" Well, let me tell you: there's no purpose; but if you're like me, you don't need one to network! If you feel like this is a waste of time, then I'm sorry I wasted 2 minutes of your life, I'm sure God will forgive me :)
Enough talk. Here's the scoop (attached image)
I have 2 virtual ASAs running 8.0(2) - each one with two working network interfaces, all attached to a dedicated loopback interface on my machine (one for each ASA interface).
inside - 10.1.1.1
outside - 220.127.116.11
inside - 18.104.22.168
outside - 22.214.171.124
lo1 - 10.1.1.254
lo2 - 126.96.36.199
lo3 - 188.8.131.52
lo4 - 184.108.40.206
Access lists on ASAs allow pings to come in to the outside interfaces
From ASA A I can ping ALL loopback interfaces
From ASA B I can ping ALL loopback interfaces
PC can ping ALL IP Addresses
ASA A cannot ping ASA B and vice versa
The question is: according to the routing table on my PC and the ASAs, why isn't the ping working? Is there something I have to do to enable my Windows XP PC to route these packets from one loopback to another? I know in Windows Server you can install RAS, but how do I achieve this in Windows XP?
Before I go crazy with Wireshark and start capturing packets on the ASAs, I want to see if someone can come up with a solution.
Lastly, I know all of us have full-time jobs and don't have much time left to fiddle around, but I'd like to execute this exercise for fun. If you have a few minutes to offer suggestions, feel free. I'll award points to those who offer the best solutions as the exercise matures!