Solved

VPN traffic to another subnet

Posted on 2014-03-24
Last Modified: 2014-03-28
Hi guys,
hope you can help..

My setup is that I have a site-to-site VPN (Cisco ASA):
site1: 10.50.1.x
site2: 10.50.9.x

I can ping all machines, etc. on both ends.

However, I need to send traffic from the 10.50.1.x subnet destined to 10.50.30.x through a router with IP 10.50.9.254 (that router is able to reach this subnet).
How can I accomplish this, so that all traffic from 10.50.1.x for 10.50.30.x goes through the VPN tunnel and does not attempt to go to the default route (i.e. internet)?

I'm sure this is quite simple, but Cisco stuff is not my game..

Thanks for any help..
Adis
Question by:adispiric
2 Comments
 
LVL 4

Accepted Solution

by:
MarcusSjogren earned 500 total points
ID: 39949954
Hi,

I believe you have to add 10.50.30.0/24 to your IPSec crypto map and add exempt rules in the NAT table, as well as allow the traffic in the access lists.

You also have to enable hairpinning on the "main hub" 10.50.9.X in order to allow traffic on the same security level to talk to each other.

In global config: same-security-traffic permit intra-interface

Here is also a nice guide on how to get this going.

http://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/64692-enhance-vpn-pix70.html

The difference is that you can skip configuring PIX3, since you want the traffic to flow further on into the network and not into another VPN tunnel.
0
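The changes described in the accepted answer, written out as an added configuration sketch that is not from either poster. It assumes ASA software 8.3 or later (object-based NAT), interfaces named `inside` and `outside`, and that 10.50.9.254 sits on the site 2 inside network; the ACL names, object names and the two host addresses in the check are hypothetical placeholders for whatever your existing crypto maps already reference.

```cisco
! ===== Site 1 ASA (LAN 10.50.1.0/24) =====
object network SITE1-LAN
 subnet 10.50.1.0 255.255.255.0
object network REMOTE-30
 subnet 10.50.30.0 255.255.255.0

! Extend the ACL your existing crypto map entry matches on (name is hypothetical).
! Keep it scoped to the one /24 rather than a broad "any" so only the intended
! traffic is admitted to the tunnel.
access-list VPN-TO-SITE2 extended permit ip 10.50.1.0 255.255.255.0 10.50.30.0 255.255.255.0

! NAT exemption so this traffic is not translated toward the internet
nat (inside,outside) source static SITE1-LAN SITE1-LAN destination static REMOTE-30 REMOTE-30 no-proxy-arp route-lookup

! ===== Site 2 ASA (LAN 10.50.9.0/24) =====
object network SITE1-LAN
 subnet 10.50.1.0 255.255.255.0
object network REMOTE-30
 subnet 10.50.30.0 255.255.255.0

! Mirror image of the site 1 entry; both ends must agree on the protected networks
access-list VPN-TO-SITE1 extended permit ip 10.50.30.0 255.255.255.0 10.50.1.0 255.255.255.0

nat (inside,outside) source static REMOTE-30 REMOTE-30 destination static SITE1-LAN SITE1-LAN no-proxy-arp route-lookup

! Send decrypted traffic for 10.50.30.0/24 to the router named in the question
! (assumes that router is reachable on the inside interface)
route inside 10.50.30.0 255.255.255.0 10.50.9.254

! Command from the answer: permits traffic to enter and leave the same interface
same-security-traffic permit intra-interface

! The router at 10.50.9.254 also needs a return route for 10.50.1.0/24
! pointing at the site 2 ASA, otherwise replies never reach the tunnel.

! ===== Check from the site 1 ASA (host addresses are constructed) =====
! packet-tracer input inside icmp 10.50.1.10 8 0 10.50.30.10
! show crypto ipsec sa
```

In the `packet-tracer` output, look for the NAT phase matching the exemption rule and a VPN encrypt phase; in `show crypto ipsec sa`, a security association listing 10.50.30.0/255.255.255.0 as the remote ident confirms the new network was negotiated.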
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 39950354
Please provide a topology view and configs.