Solved

Cisco ASA 5505 and Cisco Router

Posted on 2015-02-11
3
192 Views
Last Modified: 2015-02-23
Hi,
I have two sites (Site A - 192.168.31.0) and Site B - (192.168.32.0).  One site is in London and the second is in New York.  They are both connected via an MPLS connection.  The site in London has its gateway as the firewall (192.168.31.1) (MPLS router is the gateway in New York) and therefore hairpining was needed to be able to communicate over the MPLS connection (for those users who were onsite at 192.168.31.0 to be able to talk to the users in 192.168.32.0).  This works fine but now I have a problem were users in London want to be able to connect to the site in New York while connected via Client VPN (VPN IP is 191.193.0.100) -  I have added an ACL and included the New York IP in the split tunnel that was already created but I'm still unable to ping New York.

Anyone any ideas?
Cheers
0
Comment
Question by:minniejp
3 Comments
 
LVL 18

Accepted Solution

by:
Akinsd earned 250 total points
ID: 40604789
I don't think you need VPN if the sites were connected by the ISP via MPLS

With that said, do you have route statements for both networks in the router and firewall.

You may need to permit the subnet in the ACL as the incoming interface would most likely have its security level set to zero. Traffic with no presence in the permitted list, whether ACL or policy maps would not be allowed in.

Do a trace route or packet trace first to identify where the traffic is stopping
0
 
LVL 12

Assisted Solution

by:Fidelius
Fidelius earned 250 total points
ID: 40605491
Hello,

If I understand correctly, you have Remote VPN users in London connected to London firewall, and you would like to they can access New York site? Correct me if I'm wrong.
Do you terminate VPN connections and MPLS network on same physical interface?
Can you post sanitized configuration of your firewall?

If you are sure ACLs are OK, I assume problem is in routing. Do you have route for VPN addresses defined in New York router?
You need something like this:
ip route <VPN_pool> <VPN_pool_netmask> <London_FW_MPLS_interface_IP>

Regards!
0
 

Author Comment

by:minniejp
ID: 40625377
routing was the issue, route added and now working as it should.
Cheers
0

Featured Post

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Remote control Windows CE 7 94
Anyconnect landing page login failed 2 27
Problems with replacment of Cisco 4510 2 25
What Cisco IOS has CBAC support? 4 20
There are two basic ways to configure a static route for Cisco IOS devices. I've written this article to highlight a case study comparing the configuration of a static route using the next-hop IP and the configuration of a static route using an outg…
In this article, I'll explain how to setup a Plex Media Server (https://plex.tv/) on a Redhat (Centos) 7 based NAS with screenshots to help those looking for assistance.  What is Plex? If you aren't familiar with Plex, it’s a DLNA media serv…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question