Solved

Adding addresses to an existing Tunnel Cisco ASA

Posted on 2015-01-27
4
208 Views
Last Modified: 2015-01-27
I working on a Cisco 5500 ASA via ADSM  I have a tunnel set up with a network subnet and mask.  I need to add some address to this. I think if I go into the Edit Network Object Group I can do this.  However I have 3 address that are not in sequences and another 5 addresses that are in sequence.
so for example I have 11.12.13.41, 11.12.13.166 and 11.12.13.192 on the same subnet, is there a way to add all three in under the same name  and subnet mask?
Then I have an additional 5 IP's with 12.13.14.130, 131.132.133.134 same subnet and I would like to do the same thing.
Or do I need to add these one at a time?
0
Comment
Question by:WellingtonIS
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 28

Accepted Solution

by:
Jan Springer earned 500 total points
ID: 40573223
To begin with, your access-list that's applied to your crypto map needs to be an exact inverse match of the other end.

For security, only allow those hosts to inter-communicate.  You only aggregate when any traffic between hosts in the subnet is interesting and should go across the tunnel.

The whole point of the object group  is that you have a single place to put hosts or subnets so it's not a big to deal to add a host at a time.
0
 

Author Comment

by:WellingtonIS
ID: 40573248
So I need to add these one at a time? correct?
0
 
LVL 28

Expert Comment

by:Jan Springer
ID: 40573327
you can add them both but to both ends at roughly the same time.  otherwise, you'll have a mis-match in your policy and the tunnel will drop.
0
 

Author Closing Comment

by:WellingtonIS
ID: 40573363
Thanks!  That's what I did.
0

Featured Post

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Secure VPN Connection terminated locally by the Client.  Reason 442: Failed to enable Virtual Adapter. If you receive this error on Windows 8 or Windows 8.1 while trying to connect with the Cisco VPN Client then the solution is a simple registry f…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question