Solved

L2L VPN ASA on Routed WAN

Posted on 2013-06-04
Last Modified: 2013-06-04
Can I create an L2L VPN between two ASAs for two servers that are on the same two subnets as routed traffic that goes over the T1?

Other traffic goes to routers before the ASA as GW, but the two servers will go to the ASA as GW.
Internet goes through the ASA on both sides.

The ASA knows the routed networks, and when I build the VPN it tries to use the internal route across the T1 and is blocked.

The tunnel never is up.

Do I need to change the IPs on both servers to separate networks from the routed traffic?

What is the best way to have a VPN for the two servers and not for other traffic?

Thanks
Question by:johnemyers
Accepted Solution

by:
asavener earned 500 total points
ID: 39219157
You have to change the routes on the ASAs.  The destination network has to be routed out the outside interface in order for the traffic to be picked up by the crypto map.

You may also need to prevent the traffic from being NAT'd, as NAT operations take place before crypto operations.  If the traffic is NAT'd, then the crypto map still won't match the traffic.
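
The routing and NAT changes described in the answer above, as an added configuration sketch that is not part of the original post. All addresses and names are constructed (server A 10.1.1.10, server B 10.2.2.10, T1 router 10.1.1.1, ISP next hop 203.0.113.1, peer 198.51.100.2), the NAT line uses ASA 8.3+ syntax, and the IKE policy, transform set and tunnel-group are assumed to exist already.

```cisco
! Site A ASA (constructed addresses; mirror on Site B with hosts swapped)

! Before (the situation in the question): the remote subnet is reached
! through the inside interface toward the T1 router, so traffic to
! server B never leaves via "outside" and the crypto map never sees it.
! route inside 10.2.2.0 255.255.255.0 10.1.1.1

! After: a more specific host route sends only server B out the outside
! interface. The rest of 10.2.2.0/24 keeps following the T1 route.
route outside 10.2.2.10 255.255.255.255 203.0.113.1

object network SRV-A
 host 10.1.1.10
object network SRV-B
 host 10.2.2.10

! Interesting traffic: only server A <-> server B is encrypted.
access-list L2L-SERVERS extended permit ip object SRV-A object SRV-B

! NAT exemption (identity NAT). NAT runs before the crypto map check,
! so the addresses must be left untranslated to still match L2L-SERVERS.
nat (inside,outside) source static SRV-A SRV-A destination static SRV-B SRV-B

! Bind the ACL and peer to the crypto map applied on the outside interface.
crypto map OUTSIDE-MAP 10 match address L2L-SERVERS
crypto map OUTSIDE-MAP 10 set peer 198.51.100.2
crypto map OUTSIDE-MAP interface outside
```

After applying the mirrored configuration on the other ASA, `packet-tracer input inside tcp 10.1.1.10 1025 10.2.2.10 443` shows whether the flow now takes the outside route, skips translation and hits the VPN phase.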
 

Author Closing Comment

by:johnemyers
ID: 39219216
Thanks