?
Solved

trouble with Cisco object-group/VPN configuration

Posted on 2014-01-16
1
Medium Priority
?
571 Views
Last Modified: 2014-01-16
I have two sites connected via VPN. I restricted it so that only four IP addresses could communicate across the VPN for security purposes. The syntax I know of for the ASA's is below.

object-group network RockIsland-2
 description RockIsland-2 internal IP Range
 network-object host 192.168.6.30
 network-object host 192.168.6.32
 network-object host 192.168.6.33
 network-object host 192.168.6.31

access-list vpn2RI extended permit ip 192.168.10.0 255.255.255.0 object-group RockIsland-2
access-list nonat extended permit ip 192.168.10.0 255.255.255.0 192.168.6.0 255.255.255.0

I just added a 5th IP address to the network-object command and the new workstation works fine. A couple days later, one of the five workstations does not work. It can't connect across the VPN. I am wondering if there is a configuration change that I need to make that I didn't know about.?

Thanks,

Justin
0
Comment
Question by:JustinGSEIWI
1 Comment
 

Accepted Solution

by:
JustinGSEIWI earned 0 total points
ID: 39786065
Turns out you have to add the "network-object host" command to both ASA's that are involved with the VPN connect. I added the fifth device to the remote ASA and then it started working several minutes later.

Justin
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of the companies I’ve worked with have embraced cloud solutions due to their desire to “get out of the datacenter business.” The ability to achieve better security and availability, and the speed with which they are able to deploy, is far grea…
You deserve ‘straight talk’ from your cloud provider about your risk, your costs, security, uptime and the processes that are in place to protect your mission-critical applications.
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses

569 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question