VPN traffic to another subnet

Posted on 2014-03-24
Medium Priority
Last Modified: 2014-03-28
Hi guys,
hope you can help..

My setup is that I have a site to site VPN (cisco ASA):
site1: 10.50.1.x
site2: 10.50.9.x

i can ping all machines, etc on both ends.

however, i need to send traffic from 10.50.1.x subnet destined to 10.50.30.x through a router with IP (that router is able to reach this subnet)
How can i accomplish this - so that all traffic from 10.50.1.x for 10.50.30.x goes through the VPN tunnel and not attempt to go to default route (i.e. internet).

I'm sure this is quite simple, but Cisco stuff is not my game..

Thanks for any help..
Question by:adispiric

Accepted Solution

MarcusSjogren earned 2000 total points
ID: 39949954

I  believe you have to add to your IPSec crypto map and add exempt-rules in the NAT table as well as allow traffic in the access-lists.

You also have to enable hairpinning on the "main hub" 10.50.9.X in order to allow traffic on the same security level to talk to each other.

In global config: same-security-traffic permit intra-interface

Here is also a nice guide on how to get this going.


Difference is that you can skip configuring PIX3 since you want the traffic to flow further on to the network and not to another VPN-tunnel.
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 39950354
please provide topology view, and configs

Featured Post

IT Degree with Certifications Included

Aspire to become a network administrator, network security analyst, or computer and information systems manager? Make the most of your experience as an IT professional by earning your B.S. in Network Operations and Security.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

This article explains the fundamentals of industrial networking which ultimately is the backbone network which is providing communications for process devices like robots and other not so interesting stuff.
Considering cloud tradeoffs and determining the right mix for your organization.
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …

607 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question