Solved

L2L VPN ASA on Routed WAN

Posted on 2013-06-04
Last Modified: 2013-06-04
Can I create a VPN LtoL between two ASAs for two servers that are on the same two subnets as routed traffic that goes over a T1?

Other traffic goes to routers before the ASA as GW, but the two servers will go to the ASA as GW.
Internet goes through the ASA on both sides.

The ASA knows the routed networks, and when I build the VPN it tries to use the internal and route across the T1 and is blocked.

The tunnel never is up.

Do I need to change the IP on both servers to separate networks than routed traffic?

What is the best way to have a VPN for two servers and not for other traffic?

thanks
0
Question by:johnemyers
2 Comments
 
LVL 28

Accepted Solution

by:
asavener earned 500 total points
ID: 39219157
You have to change the routes on the ASAs.  The destination network has to be routed out the outside interface in order for the traffic to be picked up by the crypto map.

You may also need to prevent the traffic from being NAT'd, as NAT operations take place before crypto operations.  If the traffic is NAT'd, then the crypto map still won't match the traffic.
0
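A configuration sketch of the routing and NAT points in the accepted answer, added here as an example and not posted by either participant. It assumes ASA 8.3 or later NAT syntax; every address, object name and ACL name is a constructed placeholder, and the IKE policy, transform set and tunnel-group lines are left out because the thread does not discuss them.

```cisco
! Site A ASA (mirror the addresses on the site B ASA).
! Constructed placeholders:
!   local server   10.1.1.10     remote server    10.2.2.10
!   T1 router      10.1.1.254    ISP next hop     203.0.113.1
!   remote ASA outside address   198.51.100.2

! Before: the remote subnet is reached through the T1 router on the
! inside interface, so packets for 10.2.2.10 never leave via "outside"
! and the crypto map bound to "outside" never sees them.
! route inside 10.2.2.0 255.255.255.0 10.1.1.254

! After: a more specific host route sends only the remote server out
! the outside interface. The rest of 10.2.2.0/24 keeps using the T1.
route outside 10.2.2.10 255.255.255.255 203.0.113.1

! Crypto ACL limited to the two servers, so no other traffic is tunnelled.
access-list VPN_SERVERS extended permit ip host 10.1.1.10 host 10.2.2.10

! NAT exemption (identity twice NAT). NAT is evaluated before crypto,
! so without this the translated source would not match VPN_SERVERS.
object network LOCAL_SRV
 host 10.1.1.10
object network REMOTE_SRV
 host 10.2.2.10
nat (inside,outside) source static LOCAL_SRV LOCAL_SRV destination static REMOTE_SRV REMOTE_SRV

! Bind the match to the crypto map on the outside interface.
crypto map OUTSIDE_MAP 10 match address VPN_SERVERS
crypto map OUTSIDE_MAP 10 set peer 198.51.100.2
crypto map OUTSIDE_MAP interface outside
```

`packet-tracer input inside tcp 10.1.1.10 1025 10.2.2.10 443` on the ASA shows which route, NAT rule and VPN phase a packet between the two placeholder hosts actually hits.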
 

Author Closing Comment

by:johnemyers
ID: 39219216
thanks
0