Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

L2L VPN ASA on Routed WAN

Posted on 2013-06-04
2
Medium Priority
?
387 Views
Last Modified: 2013-06-04
Can I create a VPN LtoL between two ASA for two servers that are on same two subnets as routed traffic that goes over t1.

Other traffic goes to routers before ASA as GW but two servers will go to ASA as GW.
Internet goes through ASA both sides

The ASA knows the routed networks and when I build VPN it tries to use the internal and rout across the T1and is blocked.

the tunnel never is up.

Do I need to change the ip on both servers to separate. networks than routed traffic?

What is best way to have VPN for two servers and not for other traffic?

thanks
0
Comment
Question by:johnemyers
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 28

Accepted Solution

by:
asavener earned 2000 total points
ID: 39219157
You have to change the routes on the ASAs.  The destination network has to be routed out the outside interface in order for the traffic to be picked up by the crypto map.

You may also need to prevent the traffic from being NAT'd, as NAT operations take place before crypto operations.  If the traffic is NAT'd, then the crypto map still won't match the traffic.
0
 

Author Closing Comment

by:johnemyers
ID: 39219216
thanks
0

Featured Post

Building an interactive eFuture classroom

Watch and learn how ATEN provided a total control system solution including seamless switching matrix switch, HDBaseT extenders, PDU, lighting control to build an interactive eFuture classroom.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The use of stolen credentials is a hot commodity this year allowing threat actors to move laterally within the network in order to avoid breach detection.
Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question