Solved

Cisco ASA 5510

Posted on 2013-01-25
9
364 Views
Last Modified: 2013-10-13
I have a Cisco ASA 5510, that has 4 Interfaces + the Management Interface.

I have for business reasons 5 VLAN's

Originally they were configured like this

Outside Interface - Ethernet 0
LAN - Ethernet 1
LAN 2 - Ethernet 2
Ethernet 3  - A Switch --- WWW50 VLAN & Webserver/DMZ VLAN

The outside Interface has 80 VPN tunnels configured, which are on an old 2MB line along with the Internet connectivity for the site. The VPN's are used only for SQL replication so the 2MB line is sufficient, but the Internet Access at the site is slow.

The WWW50 VLAN is used to connect to 4 sites via a VPN and I would like to use this for Internet Access as well, since this is a 50MB line. The Router on this network is a BT managed Router, so I cannot put any routing on this device or modify it's Config.

I Moved the Webserver to the Management Interface of the ASA and this works fine, I then moved the WWW50 line to Interface 3, so the the ASA connects directly to the router, and Modified the route 0.0.0.0 0.0.0.0 111.111.111.111 (where 111. is the IP addres of the managed router on the 50MB line) This then gave the site a 50MB connection to the Internet.

Here is the new setup


Outside Interface - Ethernet 0
LAN - Ethernet 1
LAN 2 - Ethernet 2
WWW50  - Ethernet 3
Webserver/DMZ - Management

Since doing this all of the VPN tunnels have dropped out completely, the ones that were on the Outside Interface and the ones on the Oldwww50 Interface. In the ASDM I can the Interface that the VPN tunnels are configured on, they all say www50, if I delete the www50 Interface they all revert to the Interface "Outside" but the tunnels still don't work correctly .

Can anyone advise how I can get the VPN tunnels to work correctly ?
Screen-Shot-2013-01-25-at-10.53..png
0
Comment
Question by:ronnie_urbanit
9 Comments
 
LVL 35

Expert Comment

by:Ernie Beek
Comment Utility
Could you post a sanitized for us to have a look at?
0
 
LVL 18

Expert Comment

by:fgasimzade
Comment Utility
I assume your VPNs were broken because you changed your default route..
0
 
LVL 17

Expert Comment

by:MAG03
Comment Utility
Has the external IP changed since you moved to the www50 interface? if so, has this been updated on the branch office firewall/routers?
0
 
LVL 1

Author Comment

by:ronnie_urbanit
Comment Utility
Hi MAG03

There are 2 groups of VPN connections, 1 is set to the outside Interface, I would like this set of 80 or so VPN's to stay on the outside Interface

The  second group of VPN's in already on the WWW50 Interface.


Erniebeek  I will cleanse the config (and remove some of the VPN's there is no need for all 80 or so to be in there) and post it here shortly
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 17

Expert Comment

by:MAG03
Comment Utility
so you have 80 vpns on the "outside" interface and about 4 on the WWW50 interface?  do you have static routes for the 80 VPNs pointing out the outside interface?  I think you might be running into an asynchonous routing issue, since you have set the default route out www50 interface while the remote sites see the VPN peer address on another interface.

try setting static routes for some of the VPNs and see if they come up.
0
 
LVL 1

Author Comment

by:ronnie_urbanit
Comment Utility
So I will need 80 static routes send the traffic to the Outside Interface, what about the 4 VPN's on the www50 interface that do not come up either.

I have attached the cleansed config
Cleansed-Config.txt
0
 
LVL 17

Expert Comment

by:MAG03
Comment Utility
You said you set the default route next hop to the router IP address? But the router is connected to interface Ethernet 0/3? Yet your default route points out the outside interface.  This will need to be changed.  this should bring up the VPNs on the www50 interface.

route outside 0.0.0.0 0.0.0.0 15.15.15.15 1
0
 
LVL 1

Accepted Solution

by:
ronnie_urbanit earned 0 total points
Comment Utility
Sorry, I reverted back to the original config, because the tunnel wasn't working
0
 
LVL 1

Author Closing Comment

by:ronnie_urbanit
Comment Utility
Original config worked
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
cisco ubr7200 problem with  interface Wideband-Cable 1 11
MPLS Network Question 2 31
NSD FAIL 2 19
Cisco / asa /Nagios 3 10
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now