Solved

Adding addresses to an existing Tunnel Cisco ASA

Posted on 2015-01-27
4
195 Views
Last Modified: 2015-01-27
I working on a Cisco 5500 ASA via ADSM  I have a tunnel set up with a network subnet and mask.  I need to add some address to this. I think if I go into the Edit Network Object Group I can do this.  However I have 3 address that are not in sequences and another 5 addresses that are in sequence.
so for example I have 11.12.13.41, 11.12.13.166 and 11.12.13.192 on the same subnet, is there a way to add all three in under the same name  and subnet mask?
Then I have an additional 5 IP's with 12.13.14.130, 131.132.133.134 same subnet and I would like to do the same thing.
Or do I need to add these one at a time?
0
Comment
Question by:WellingtonIS
  • 2
  • 2
4 Comments
 
LVL 28

Accepted Solution

by:
Jan Springer earned 500 total points
ID: 40573223
To begin with, your access-list that's applied to your crypto map needs to be an exact inverse match of the other end.

For security, only allow those hosts to inter-communicate.  You only aggregate when any traffic between hosts in the subnet is interesting and should go across the tunnel.

The whole point of the object group  is that you have a single place to put hosts or subnets so it's not a big to deal to add a host at a time.
0
 

Author Comment

by:WellingtonIS
ID: 40573248
So I need to add these one at a time? correct?
0
 
LVL 28

Expert Comment

by:Jan Springer
ID: 40573327
you can add them both but to both ends at roughly the same time.  otherwise, you'll have a mis-match in your policy and the tunnel will drop.
0
 

Author Closing Comment

by:WellingtonIS
ID: 40573363
Thanks!  That's what I did.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you have an ASA5510 then this sort of thing would be better handled with a CSC Module, however on an ASA5505 thats not an option, and if you want to throw in a quick solution to stop your staff going to facebook during work time, then this is the…
OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now