Cisco ASA site-to-site VPN issue with adding second subnet in one site

Asked by mydarkpassenger

I have an existing IPsec VPN connection from an ASA 5510 to an ASA 5505. Everything is working properly between sites. I am adding a second subnet that I want accessible on the 5510 side.

Currently the networks are:

5510: 192.168.1.0/24 (working)
      10.10.191.0/24 (addition, not working)

5505: 192.168.131.0/24

I need devices on the 192.168.131.0/24 network to access devices on the 10.10.191.0/24 network. Currently all devices on 192.168.131.0/24 can access all devices on 192.168.1.0/24.

5510 Config:

object-group network CNetworks
 network-object 10.10.191.0 255.255.255.0
 network-object 192.168.1.0 255.255.255.0

access-list nonat extended permit ip object-group CNetworks 192.168.131.0 255.255.255.0 

access-list outside_cryptomap_70 extended permit ip object-group CNetworks 192.168.131.0 255.255.255.0 

global (outside) 1 x.x.x.x
nat (inside) 0 access-list nonat
nat (inside) 1 192.168.1.0 255.255.255.0
nat (inside10) 1 10.10.191.0 255.255.255.0
nat (GuestWIFI) 1 172.1.16.0 255.255.255.0

5505 Config:


object-group network CNetworks
 network-object 10.10.191.0 255.255.255.0
 network-object 192.168.1.0 255.255.255.0


access-list nonat extended permit ip 192.168.131.0 255.255.255.0 object-group CNetworks 

access-list outside_cryptomap_30 extended permit ip 192.168.131.0 255.255.255.0 object-group CNetworks 



global (outside) 1 interface
global (dmz) 3 interface
nat (WAN2) 0 access-list WAN2_nat0_outbound
nat (dmz) 1 Widecase_Beacon 255.255.255.255
nat (dmz) 3 172.16.100.0 255.255.255.0
nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0

When I try to connect to the 5510 (10.10.191.0/24) network from the 5505 (192.168.131.0/24), I receive the following in the 5510 log:

10.10.191.202      23      No translation group found for tcp src outside:192.168.131.10/2326 dst inside10:10.10.191.202/23


Any help is much appreciated!
Tags: Routers, VPN, Cisco
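The log line quoted above ("No translation group found ... dst inside10:10.10.191.202/23") is the symptom of NAT exemption being interface-scoped on pre-8.3 ASA code: `nat (inside) 0 access-list nonat` exempts only traffic on the inside interface, while the new subnet sits behind inside10, so the 5510 finds no usable translation for the inbound VPN packet and drops it. The checker below is an added example written for this page; it is not code from the question, from any answer, or from Cisco. It parses a constructed config modelled on the quoted 5510 excerpt and reports every local subnet of the given crypto ACL that has no `nat (<its interface>) 0 access-list` exemption covering it towards the peer. The per-interface behaviour it encodes, and the `nat (inside10) 0 access-list nonat` line it accepts as a remedy, are my assumptions about 8.2-era ASA NAT, not a statement of what the accepted answer on this page contains.

```python
"""Per-interface NAT-exemption check for pre-8.3 Cisco ASA configs.

Added example (not code from the question, the answers, or Cisco).
Assumption it encodes: on ASA 8.2 and earlier, `nat (IFACE) 0 access-list ACL`
exempts only traffic on IFACE, so every local subnet in the crypto ACL needs a
nat 0 exemption on the interface that subnet actually sits behind.
"""
import ipaddress
import re

# Constructed config excerpt, modelled on the 5510 lines quoted in the question.
ASA_5510_CONFIG = """\
object-group network CNetworks
 network-object 10.10.191.0 255.255.255.0
 network-object 192.168.1.0 255.255.255.0
access-list nonat extended permit ip object-group CNetworks 192.168.131.0 255.255.255.0
access-list outside_cryptomap_70 extended permit ip object-group CNetworks 192.168.131.0 255.255.255.0
global (outside) 1 x.x.x.x
nat (inside) 0 access-list nonat
nat (inside) 1 192.168.1.0 255.255.255.0
nat (inside10) 1 10.10.191.0 255.255.255.0
nat (GuestWIFI) 1 172.1.16.0 255.255.255.0
"""


def _net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def _endpoint(tokens, groups):
    """Consume one ACL endpoint (any / host A / object-group G / A MASK) as a list of networks."""
    tok = tokens.pop(0)
    if tok == "any":
        return [ipaddress.ip_network("0.0.0.0/0")]
    if tok == "host":
        return [ipaddress.ip_network(tokens.pop(0) + "/32")]
    if tok == "object-group":
        return list(groups[tokens.pop(0)])  # ASA emits object-groups before the ACLs that use them
    return [_net(tok, tokens.pop(0))]


def parse_config(text):
    """Return (object_groups, acls, nat0_acls_by_iface, natted_nets_by_iface)."""
    groups, acls, nat0, natted = {}, {}, {}, {}
    group = None
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        m = re.match(r"object-group network (\S+)$", line)
        if m:
            group = groups.setdefault(m.group(1), [])
            continue
        m = re.match(r"\s*network-object (\S+) (\S+)$", line)
        if m and group is not None:
            group.append(_net(*m.groups()))
            continue
        group = None
        m = re.match(r"access-list (\S+) extended permit ip (.+)$", line)
        if m:
            tokens = m.group(2).split()
            acls.setdefault(m.group(1), []).append((_endpoint(tokens, groups), _endpoint(tokens, groups)))
            continue
        m = re.match(r"nat \((\S+)\) 0 access-list (\S+)$", line)
        if m:
            nat0.setdefault(m.group(1), []).append(m.group(2))
            continue
        m = re.match(r"nat \((\S+)\) [1-9]\d* (\S+) (\S+)$", line)
        if m:
            try:  # a named host object in this position is skipped rather than resolved
                natted.setdefault(m.group(1), []).append(_net(m.group(2), m.group(3)))
            except ValueError:
                pass
    return groups, acls, nat0, natted


def interface_for(network, natted):
    """Interface whose dynamic nat statement covers `network`; the most specific match wins."""
    best_iface, best_len = None, -1
    for iface, nets in natted.items():
        for n in nets:
            if network.subnet_of(n) and n.prefixlen > best_len:
                best_iface, best_len = iface, n.prefixlen
    return best_iface


def _exempted(local, remotes, iface, acls, nat0):
    """True if a nat 0 ACL bound to `iface` exempts local -> every remote network."""
    for acl_name in nat0.get(iface, []):
        for srcs, dsts in acls.get(acl_name, []):
            if any(local.subnet_of(s) for s in srcs) and all(
                any(r.subnet_of(d) for d in dsts) for r in remotes
            ):
                return True
    return False


def missing_exemptions(text, crypto_acl):
    """List (local_net, iface, reason) for crypto-ACL local subnets lacking a nat 0 exemption."""
    groups, acls, nat0, natted = parse_config(text)
    findings = []
    for locals_, remotes in acls.get(crypto_acl, []):
        for local in locals_:
            iface = interface_for(local, natted)
            if iface is None:
                findings.append((str(local), None, "no nat statement places this network behind an interface"))
            elif not _exempted(local, remotes, iface, acls, nat0):
                findings.append((str(local), iface, f"no 'nat ({iface}) 0 access-list ...' exempts it towards the peer"))
    return findings


if __name__ == "__main__":
    for local, iface, why in missing_exemptions(ASA_5510_CONFIG, "outside_cryptomap_70"):
        print(f"{local} via {iface}: {why}")
```

Run against the constructed 5510 excerpt it reports only 10.10.191.0/24 on inside10; appending a `nat (inside10) 0 access-list nonat` line (the same nonat ACL already lists both local subnets) clears the finding, which is the check to make before assuming the tunnel or the crypto ACL is at fault.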

Ernie Beek:

Do you also have access lists on the outside? Check those as well.
mydarkpassenger (asker):

Not sure what you mean by on the outside. I do have access lists set up for other services that I am allowing through the firewall, such as SMTP and SSH.
Ernie Beek:

Discard that comment for now (I overlooked the error).

Is the new network behind the inside interface of the 5505 or behind one of the other interfaces?
mydarkpassenger (asker):

It is behind the inside interface of the 5510.
SOLUTION

Ernie Beek:

[Solution text not available on this page]
mydarkpassenger (asker):

No, but I dropped the tunnel and reconnected; the issue still stands. I will try that command though.
Ernie Beek:

After further reading, what is that inside10 interface in the 5510?
mydarkpassenger (asker):

That is the interface connected to the 10.10.191.0/24 network. The 10.10.191.0/24 is on the 5510, not the 5505.
ASKER CERTIFIED SOLUTION

Ernie Beek:

[Solution text not available on this page]
mydarkpassenger (asker):

Awesome, it looks like that is what I was missing. Thanks a lot! Points awarded to you.
mydarkpassenger (asker):

Excellent help.
Ernie Beek:

Glad I could help :)

Thanks for the points.