• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 398
  • Last Modified:

Cisco EASYVPN

We have a cisco asa 5510 at our main office and a ASA 5505 at a remote office. We have set easy vpn at the remote site due to us not being able to get a static ip address. The remote site can connect to the main office. The remote site can ping and access all network items at the main office. The problem is the the main office cannot connect to the remote location.


Thanks
0
pspomaha
Asked:
pspomaha
  • 5
  • 4
2 Solutions
 
lruiz52Commented:
Check out the link below, it should help you with your setup.

http://www.petenetlive.com/KB/Article/0000337.htm
0
 
pspomahaAuthor Commented:
This would not be the answer as we can connect from the remote to the main site.
0
 
SepistCommented:
You need to configure reverse route injection so that your main site has a return path

Sample:

crypto dynamic-map crypto_map_name 10 set reverse-route
0
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

 
pspomahaAuthor Commented:
Do you have to run OSPF with reverse route injection?
0
 
SepistCommented:
If you want your OSPF process to know about it you will need to redistribute them:

Create the route map:

access-list OSPFredistribute standard permit VPN.IP.POOL.ADDRESSES 255.255.255.0

route-map redistribute permit 1
 match ip address OSPFredistribute

Under the OSPF process:

redistribute static subnets route-map redistribute

Edit: You don't need to have a dynamic routing protocol on your ASA if all your traffic defaults to it as a gateway anyway, as the ASA will know of the RRI routes as static routes.
0
 
pspomahaAuthor Commented:
I have set RRI on the asa but when i try run a trace from the main office to the remote office it trys to go out the internet.

I am not running ospf just static routing. what else has to be done to get this to work?
0
 
SepistCommented:
When your office is connected via VPN do you see their network in the ASA's routing table via `show route` ?
0
 
pspomahaAuthor Commented:
No i do not see there subnet.
0
 
SepistCommented:
You should if RRI is working properly. Make sure it is configured on the headend ASA, not the remote dynamic end. Here is the cisco documentation regarding it:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00809d07de.shtml
0
 
pspomahaAuthor Commented:
It is set up on the headend asa. I set it up in asdm.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now