VPN traffic to another subnet

Hi guys,
hope you can help..

My setup is that I have a site to site VPN (cisco ASA):
site1: 10.50.1.x
site2: 10.50.9.x

i can ping all machines, etc on both ends.

however, i need to send traffic from 10.50.1.x subnet destined to 10.50.30.x through a router with IP 10.50.9.254 (that router is able to reach this subnet)
How can i accomplish this - so that all traffic from 10.50.1.x for 10.50.30.x goes through the VPN tunnel and not attempt to go to default route (i.e. internet).

I'm sure this is quite simple, but Cisco stuff is not my game..

Thanks for any help..
Adis
adispiricAsked:
Who is Participating?
 
MarcusSjogrenConnect With a Mentor Commented:
Hi,

I  believe you have to add 10.50.30.0/24 to your IPSec crypto map and add exempt-rules in the NAT table as well as allow traffic in the access-lists.

You also have to enable hairpinning on the "main hub" 10.50.9.X in order to allow traffic on the same security level to talk to each other.

In global config: same-security-traffic permit intra-interface

Here is also a nice guide on how to get this going.

http://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/64692-enhance-vpn-pix70.html

Difference is that you can skip configuring PIX3 since you want the traffic to flow further on to the network and not to another VPN-tunnel.
0
 
Istvan KalmarHead of IT Security Division Commented:
please provide topology view, and configs
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.