Solved

Cisco ASA 5505 and Cisco Router

Posted on 2015-02-11
3
189 Views
Last Modified: 2015-02-23
Hi,
I have two sites (Site A - 192.168.31.0) and Site B - (192.168.32.0).  One site is in London and the second is in New York.  They are both connected via an MPLS connection.  The site in London has its gateway as the firewall (192.168.31.1) (MPLS router is the gateway in New York) and therefore hairpining was needed to be able to communicate over the MPLS connection (for those users who were onsite at 192.168.31.0 to be able to talk to the users in 192.168.32.0).  This works fine but now I have a problem were users in London want to be able to connect to the site in New York while connected via Client VPN (VPN IP is 191.193.0.100) -  I have added an ACL and included the New York IP in the split tunnel that was already created but I'm still unable to ping New York.

Anyone any ideas?
Cheers
0
Comment
Question by:minniejp
3 Comments
 
LVL 18

Accepted Solution

by:
Akinsd earned 250 total points
ID: 40604789
I don't think you need VPN if the sites were connected by the ISP via MPLS

With that said, do you have route statements for both networks in the router and firewall.

You may need to permit the subnet in the ACL as the incoming interface would most likely have its security level set to zero. Traffic with no presence in the permitted list, whether ACL or policy maps would not be allowed in.

Do a trace route or packet trace first to identify where the traffic is stopping
0
 
LVL 12

Assisted Solution

by:Fidelius
Fidelius earned 250 total points
ID: 40605491
Hello,

If I understand correctly, you have Remote VPN users in London connected to London firewall, and you would like to they can access New York site? Correct me if I'm wrong.
Do you terminate VPN connections and MPLS network on same physical interface?
Can you post sanitized configuration of your firewall?

If you are sure ACLs are OK, I assume problem is in routing. Do you have route for VPN addresses defined in New York router?
You need something like this:
ip route <VPN_pool> <VPN_pool_netmask> <London_FW_MPLS_interface_IP>

Regards!
0
 

Author Comment

by:minniejp
ID: 40625377
routing was the issue, route added and now working as it should.
Cheers
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

At the beginning of the year, the IT world was taken hostage by the shareholders of LogMeIn. Their free product, which had been free for ten years, all of the sudden became a "pay" product. Now, I am the first person who will say that software maker…
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

896 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now