• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 573
  • Last Modified:

trouble with Cisco object-group/VPN configuration

I have two sites connected via VPN. I restricted it so that only four IP addresses could communicate across the VPN for security purposes. The syntax I know of for the ASA's is below.

object-group network RockIsland-2
 description RockIsland-2 internal IP Range
 network-object host 192.168.6.30
 network-object host 192.168.6.32
 network-object host 192.168.6.33
 network-object host 192.168.6.31

access-list vpn2RI extended permit ip 192.168.10.0 255.255.255.0 object-group RockIsland-2
access-list nonat extended permit ip 192.168.10.0 255.255.255.0 192.168.6.0 255.255.255.0

I just added a 5th IP address to the network-object command and the new workstation works fine. A couple days later, one of the five workstations does not work. It can't connect across the VPN. I am wondering if there is a configuration change that I need to make that I didn't know about.?

Thanks,

Justin
0
JustinGSEIWI
Asked:
JustinGSEIWI
1 Solution
 
JustinGSEIWIAuthor Commented:
Turns out you have to add the "network-object host" command to both ASA's that are involved with the VPN connect. I added the fifth device to the remote ASA and then it started working several minutes later.

Justin
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

What Kind of Coding Program is Right for You?

There are many ways to learn to code these days. From coding bootcamps like Flatiron School to online courses to totally free beginner resources. The best way to learn to code depends on many factors, but the most important one is you. See what course is best for you.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now