Solved

VPN traffic to another subnet

Posted on 2014-03-24
2
542 Views
Last Modified: 2014-03-28
Hi guys,
hope you can help..

My setup is that I have a site to site VPN (cisco ASA):
site1: 10.50.1.x
site2: 10.50.9.x

i can ping all machines, etc on both ends.

however, i need to send traffic from 10.50.1.x subnet destined to 10.50.30.x through a router with IP 10.50.9.254 (that router is able to reach this subnet)
How can i accomplish this - so that all traffic from 10.50.1.x for 10.50.30.x goes through the VPN tunnel and not attempt to go to default route (i.e. internet).

I'm sure this is quite simple, but Cisco stuff is not my game..

Thanks for any help..
Adis
0
Comment
Question by:adispiric
2 Comments
 
LVL 4

Accepted Solution

by:
MarcusSjogren earned 500 total points
ID: 39949954
Hi,

I  believe you have to add 10.50.30.0/24 to your IPSec crypto map and add exempt-rules in the NAT table as well as allow traffic in the access-lists.

You also have to enable hairpinning on the "main hub" 10.50.9.X in order to allow traffic on the same security level to talk to each other.

In global config: same-security-traffic permit intra-interface

Here is also a nice guide on how to get this going.

http://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/64692-enhance-vpn-pix70.html

Difference is that you can skip configuring PIX3 since you want the traffic to flow further on to the network and not to another VPN-tunnel.
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 39950354
please provide topology view, and configs
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
Outsource Your Fax Infrastructure to the Cloud (And come out looking like an IT Hero!) Relative to the many demands on today’s IT teams, spending capital, time and resources to maintain physical fax servers and infrastructure is not a high priority.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

912 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now