SpyderG

Second subnet through VPN

I have a client who uses two Cisco ASA55XX firewalls to connect their two offices via VPN. They have recently added iSCSI SANs to each office on a separate subnet and would like to send replication traffic over the VPN. I don't see a way to add a second subnet to the tunnel in the GUI, and when I attempt to add it from the command line it doesn't accept the command. Can this be done and can an example be provided?
SOLUTION
SebastianAbbinanti
You can change the scope of the networks.
E.g. 192.168.0.0/23 would give you a network 192.168.0.1 - 192.168.1.254
The subnets can be non-contiguous. Just add the new subnet to the NAT Exemption ACL and the Crypto Maps at each end.

You may also want to utilize Class Maps and queues to prioritize traffic for the SAN. This is also available on the ASA.

Thanks,
S.
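
The change described in the answer above, as an added example that is not part of the original post: one extra entry in the crypto map ACL and one in the NAT exemption ACL on each ASA, mirrored at the other end. All ACL names, the crypto map name and sequence number, the interface name and every address are constructed placeholders, and the NAT exemption is shown in the pre-8.3 `nat 0 access-list` form (an assumption, since the page does not state the software version).

```cisco
! ---- Site A ASA ------------------------------------------------------
! Constructed addressing:
!   Site A LAN 192.168.1.0/24    Site A SAN 10.10.50.0/24
!   Site B LAN 192.168.2.0/24    Site B SAN 10.20.50.0/24

! Existing entry in the ACL that the crypto map matches on
access-list VPN_TO_SITEB extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
! New entry: only SAN-to-SAN traffic is added to the tunnel
access-list VPN_TO_SITEB extended permit ip 10.10.50.0 255.255.255.0 10.20.50.0 255.255.255.0

! Existing and new entries in the NAT exemption ACL
access-list NONAT extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list NONAT extended permit ip 10.10.50.0 255.255.255.0 10.20.50.0 255.255.255.0

! Existing bindings, shown for reference; they do not change
nat (inside) 0 access-list NONAT
crypto map OUTSIDE_MAP 10 match address VPN_TO_SITEB

! ---- Site B ASA (exact mirror image) ---------------------------------
access-list VPN_TO_SITEA extended permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list VPN_TO_SITEA extended permit ip 10.20.50.0 255.255.255.0 10.10.50.0 255.255.255.0

access-list NONAT extended permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list NONAT extended permit ip 10.20.50.0 255.255.255.0 10.10.50.0 255.255.255.0

nat (inside) 0 access-list NONAT
crypto map OUTSIDE_MAP 10 match address VPN_TO_SITEA

! ---- Verification on either ASA --------------------------------------
! One IPsec SA per ACL entry should appear once replication traffic flows
show crypto ipsec sa
show access-list VPN_TO_SITEB
```

The entries on the two firewalls must be exact mirrors of each other, and keeping the new entry to the two SAN subnets avoids exposing the storage network to the remote office LAN.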
SpyderG

ASKER

Thanks for the quick responses.  They've already created the subnets and they are not contiguous.  I'm not clear how the SAN traffic would know to traverse the VPN without setting an IP on it to use as a gateway.  Since the current IP is on a different subnet, I can't use it as the gateway for the SAN subnet.  Are you able to clarify?
ASKER CERTIFIED SOLUTION
It seems we need more info. Please provide us with:

sh ver
detailed network plan