asked on
subnet routing site to site vpn between two cisco asa 5505
hi i established an ipsec tunnel between two sites now but don't have internet access anymore and cannot reach the other site from the internal networks.
The wan from the asa can ping the remote ip addres.
Do i need a rule like route inside 0.0.0.0 0.0.0.0 ip adress tunneled
Can someone help and complete the necessay command lines?Thank you
information:
internal vlan1(10.73.10.0/24)-vlan2
Subnets on remote site are 172.28.0.0/16,10.30.150.0/
My catalyst3750X stack performs the intervlan routing from the local vlans : vlan1(10.73.10.0/24)-vlan2
object-group network LOCAL-LAN
network-object 10.73.10.0 255.255.255.0
network-object 10.73.11.0 255.255.255.0
object-group network REMOTE-LAN
network-object 172.28.0.0 255.255.0.0
network-object 10.30.150.0 255.255.255.0
network-object 10.30.252.0 255.255.255.0
network-object 10.28.0.0 255.255.0.0
access-list NONAT extended permit ip object-group LOCAL-LAN object-group REMOTE-LAN
access-list CRYPTO-BRANCH extended permit ip object-group LOCAL-LAN object-group REMOTE-LAN
nat (inside) 0 access-list NONAT
crypto ipsec security-association lifetime seconds 3600
crypto ipsec transform-set VPNSET esp-3des esp-md5-hmac
crypto map VPNMAP 1 match address CRYPTO-BRANCH
crypto map VPNMAP 1 set peer 80.95.138.136
crypto map VPNMAP 1 set transform-set VPNSET
crypto map VPNMAP interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 1440
tunnel-group 80.95.138.136 type ipsec-l2l
tunnel-group 80.95.138.136 ipsec-attributes
pre-shared-key YOURPRESHAREDKEY
cat3750X-29112013expertsexch-con.rtf
The wan from the asa can ping the remote ip addres.
Do i need a rule like route inside 0.0.0.0 0.0.0.0 ip adress tunneled
Can someone help and complete the necessay command lines?Thank you
information:
internal vlan1(10.73.10.0/24)-vlan2
Subnets on remote site are 172.28.0.0/16,10.30.150.0/
My catalyst3750X stack performs the intervlan routing from the local vlans : vlan1(10.73.10.0/24)-vlan2
object-group network LOCAL-LAN
network-object 10.73.10.0 255.255.255.0
network-object 10.73.11.0 255.255.255.0
object-group network REMOTE-LAN
network-object 172.28.0.0 255.255.0.0
network-object 10.30.150.0 255.255.255.0
network-object 10.30.252.0 255.255.255.0
network-object 10.28.0.0 255.255.0.0
access-list NONAT extended permit ip object-group LOCAL-LAN object-group REMOTE-LAN
access-list CRYPTO-BRANCH extended permit ip object-group LOCAL-LAN object-group REMOTE-LAN
nat (inside) 0 access-list NONAT
crypto ipsec security-association lifetime seconds 3600
crypto ipsec transform-set VPNSET esp-3des esp-md5-hmac
crypto map VPNMAP 1 match address CRYPTO-BRANCH
crypto map VPNMAP 1 set peer 80.95.138.136
crypto map VPNMAP 1 set transform-set VPNSET
crypto map VPNMAP interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 1440
tunnel-group 80.95.138.136 type ipsec-l2l
tunnel-group 80.95.138.136 ipsec-attributes
pre-shared-key YOURPRESHAREDKEY
cat3750X-29112013expertsexch-con.rtf
Networking
Last Comment
antwerp2007
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.