Is it possible?

Hello,

I lease an office from one of my clients who has a Cisco ASA 5505 (which I have full access to modify). My client's network is on 192.168.0.x. In my office, I have a Netgear router which I have my LAN set to the 192.168.5.x network. Everything works fine. But I have a Cisco ASA 5505 at my house where I have a Windows Home Server. Currently, my desktop has a Hamachi VPN connection to the WHS server and the connection works fine.

What I'd like to do is create a site-to-site VPN connection between both ASAs (client's office and my home) and have my desktop computer (192.168.5.x network) have a connection to my server which is on a 192.168.72.x network. I ran the site-to-site VPN wizard on both ASAs and they (ASAs) do connect. However, I can't get my desktop (192.168.5.x) to connect to my WHS (192.168.72.x) at my house. Do I need to create a static route from my office ASA to my Netgear in order to get the desktop to connect to my home network? Below is a layout of the networks.

I hope that makes sense. I'm sure it's possible but I just don't know how to do it.

Office
ISP - Cisco ASA (LAN 192.168.0.x) - Netgear WAN (192.168.0.48) - (LAN 192.168.5.x)
                    /     \                                            /     \
                Internal network                                   Internal network

Home
ISP - Cisco ASA (LAN 192.168.72.x)
Asked by bhodge10

Akinsd, Network Administrator, commented:
You will need to add the 192.168.72.x to the list of "interesting traffic" allowed to pass through the VPN.
This is just adding the subnet to the ACL that the crypto map is calling.
0
dexIT commented:
Do you have a static (WAN) IP at your place of business to connect to externally?
0
bhodge10 (author) commented:
Yes the actual Internet IP address is static.
0
dexIT commented:
Sorry, so irrelevant, I re-read the question after posting. Yes, you could do a static route if your comp has a preferred/static IP, but why not just create an ACL to accept any connections on the home ASA from the 192.168.5.0 subnet?
0
Natty Greg, In Theory (IT), commented:
If the port on your home computer isn't configured to listen on to gain access, it will not work.
0
Akinsd, Network Administrator, commented:
The traffic has to go through the VPN tunnel to connect, meaning it must be added to the ACL the tunnel calls and must be excluded from NAT by adding the subnet to the object the NAT is using for that tunnel.

Public IPs are not routable over the internet and will be dropped by the ISP.

Unless I misunderstood the author's statement, the networks are not in the same physical environment and have to travel over a WAN link, making a tunnel inevitable.

Please provide a topology sketch to better visualize your setup.
0
Natty Greg, In Theory (IT), commented:
You mean private address, right, Akinsd?
0
dexIT commented:
bhodge10,

Please read this article as it pertains to your issue:
http://www.dslreports.com/forum/r21203449-HELP-VPN-not-accessing-internal-network-on-ASA-5505
0
Akinsd, Network Administrator, commented:
Yes, that was a typo from editing back and forth.
I meant private IPs (RFC 1918 addresses) are not routable on the internet.

Thanks Nattygreg
0
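
The changes suggested in the comments above (adding the subnet to the ACL the crypto map calls, exempting it from NAT, and the static route the question asks about), put together as an added example that is not from the original thread. It assumes ASA 8.3 or later syntax, the default interface names inside and outside, and a Netgear that routes 192.168.5.x without NAT; all object and ACL names are placeholders for whatever the VPN wizard generated, and the host addresses in the packet-tracer line are constructed.

```cisco
! ===== OFFICE ASA (constructed example; names are placeholders) =====

! Local networks that should reach home through the tunnel
object-group network OFFICE-LOCAL
 network-object 192.168.0.0 255.255.255.0
 network-object 192.168.5.0 255.255.255.0
object network HOME-LAN
 subnet 192.168.72.0 255.255.255.0

! 1. Interesting traffic: this must be the ACL named in the crypto map's
!    "match address" line (check with: show run crypto map)
access-list OFFICE-TO-HOME extended permit ip object-group OFFICE-LOCAL object HOME-LAN

! 2. NAT exemption: keep tunnel traffic from being translated to the outside IP
nat (inside,outside) source static OFFICE-LOCAL OFFICE-LOCAL destination static HOME-LAN HOME-LAN no-proxy-arp route-lookup

! 3. Return path: 192.168.5.0/24 is behind the Netgear's WAN address
route inside 192.168.5.0 255.255.255.0 192.168.0.48

! ===== HOME ASA: mirror image of the selectors above =====
! The two crypto ACLs must mirror each other or the IPsec SA for
! 192.168.5.0/24 <-> 192.168.72.0/24 will not be negotiated.
object network HOME-LAN
 subnet 192.168.72.0 255.255.255.0
object network OFFICE-NETGEAR-LAN
 subnet 192.168.5.0 255.255.255.0
access-list HOME-TO-OFFICE extended permit ip object HOME-LAN object OFFICE-NETGEAR-LAN
nat (inside,outside) source static HOME-LAN HOME-LAN destination static OFFICE-NETGEAR-LAN OFFICE-NETGEAR-LAN no-proxy-arp route-lookup

! ===== Verification (run on the office ASA) =====
! Simulated ping from a desktop address to a server address; the output should
! show the NAT exemption being hit and a VPN "encrypt" phase.
packet-tracer input inside icmp 192.168.5.10 8 0 192.168.72.10 detailed
! After real traffic, confirm an SA exists for the new subnet pair
show crypto ipsec sa
```

If the Netgear translates outbound traffic instead (NAT left on), the office ASA sees the desktop as 192.168.0.48, so the flow is matched by the existing 192.168.0.x entries and the static route is not used.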