Routing issue through GRE L2L Tunnel via ASA5510
Posted on 2013-12-02
I've a strange problem with the routing from internal network through a GRE Tunnel over an ASA5510:
The infrastructure design is as following:
Internal Network 192.168.1.x
ASA5510 as Internet Gateway with 192.168.1.1
Cisco 2600 Router for GRE L2L VPN Tunnel with 192.168.1.3 IP
SSL VPN LAN through ASA5510 with 10.1.1.x Subnet
L2L VPN Subnet through GRE L2L VPN Tunnel with 10.1.2.x Subnet
The tunnel is up and working, i can access the 10.1.2.x L2L VPN Subnet (inside) without any issue from SSL VPN 10.1.1.x Subnet (outside).
From the internal network 192.168.1.x (inside) i can only access the 10.1.2.x L2L VPN Subnet (inside) when i add on the local client a static routing "10.1.2.x MASK 255.255.255.0 192.168.1.3" - so if the packages go directly to L2L VPN Router it works, as soon there is just the ASA5510 as the default gateway in place it doesn't work.
I've added already a NAT Rule for 10.1.2.x (inside) to 192.168.1.x (inside) and back and in addition a static routing entry for 10.1.2.x Subnet through 192.168.1.3 gateway but it's still not working.
From the other side of the tunnel it's the same issue, as long there is no static routing entry on the server at 192.168.1.x subnet, you cannot access services there (e.g. AD, DNS, WWW, ...), as soon the entry is in place, it works.
It looks for me, that the ASA doesn't handle the traffic correct from 192.168.1.x Subnet to 10.1.2.x Subnet - maybe because both are "inside"?