
Add network to existing IPSec S2S VPN

I was able to get a VPN running between two sites using the ASDM wizard. The remote site is simple, just an ASA5505 and a backup server; the network is 192.168.103.0/24. Locally, we have an ASA5520 and quite a few VLANs. Currently, the local network is configured as 192.168.102.0/24 (vlan102), but I'd like to add other VLANs to the tunnel. Specifically, vlan38: 10.1.38.0/24. I tried adding this network to the Remote Network list on the remote 5505, and to the Local Network list on the local 5520, but there's still no communication. Do I need to specify a VLAN somewhere? How does that work?

Thanks.
Asked by: LSDIT
LSDIT (Author) Commented:
I've changed the local/remote networks to "Any." From a machine in vlan102, I can ping the remote server, but not from vlan38. I CAN ping between the two vlans locally.
MikeKane Commented:
You need to add the remote destination subnet(s) to both the Crypto Map Match ACL and to the Nonat ACL.

So if you add a new 192.168.2.0/24 at the remote site and your home site uses 10.10.10.0/24, then you need to add the source and destination subnets into the nonat ACL. Then add destination 192.168.2.0 to the crypto map ACL for that tunnel so that packets bound for this subnet are also swept into the tunnel.

 
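The change MikeKane describes, written out for this thread's subnets as an added example (not part of the original posts). It assumes pre-8.3 ASA NAT syntax, the ASDM-style names `outside_1_cryptomap`, `inside_nat0_outbound` and `outside_map`, an interface named `inside`, and constructed test hosts; substitute the names from your own running config.

```cisco
! ===== Local ASA5520 (assumed object and interface names) =====
! Crypto map match ACL: selects the traffic that is sent into the tunnel.
access-list outside_1_cryptomap extended permit ip 192.168.102.0 255.255.255.0 192.168.103.0 255.255.255.0
access-list outside_1_cryptomap extended permit ip 10.1.38.0 255.255.255.0 192.168.103.0 255.255.255.0
! NAT exemption (nonat) ACL: the same pairs, so tunnel traffic is not translated.
access-list inside_nat0_outbound extended permit ip 192.168.102.0 255.255.255.0 192.168.103.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.1.38.0 255.255.255.0 192.168.103.0 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
crypto map outside_map 1 match address outside_1_cryptomap
! Assumption: vlan38 reaches the ASA through "inside". If vlan38 sits on its
! own named interface, that interface needs its own "nat (<nameif>) 0" line.

! ===== Remote ASA5505 (mirror image of the local entries) =====
access-list outside_1_cryptomap extended permit ip 192.168.103.0 255.255.255.0 192.168.102.0 255.255.255.0
access-list outside_1_cryptomap extended permit ip 192.168.103.0 255.255.255.0 10.1.38.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.103.0 255.255.255.0 192.168.102.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.103.0 255.255.255.0 10.1.38.0 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
crypto map outside_map 1 match address outside_1_cryptomap

! ===== Verify from the local ASA (constructed host addresses) =====
! Trace a vlan38 packet through NAT and VPN processing, then list the SAs.
packet-tracer input inside icmp 10.1.38.10 8 0 192.168.103.10 detailed
show crypto ipsec sa
```

Each subnet pair in the crypto map ACL negotiates its own IPsec SA, so `show crypto ipsec sa` should list a separate local/remote ident for 10.1.38.0/24 once traffic flows. Listing the specific subnets on both peers keeps the tunnel scoped to the intended networks.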
LSDIT (Author) Commented:
Sweet! That works!