Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Cisco ASA 5505 and Cisco Router

Posted on 2015-02-11
3
Medium Priority
?
228 Views
Last Modified: 2015-02-23
Hi,
I have two sites (Site A - 192.168.31.0) and Site B - (192.168.32.0).  One site is in London and the second is in New York.  They are both connected via an MPLS connection.  The site in London has its gateway as the firewall (192.168.31.1) (MPLS router is the gateway in New York) and therefore hairpining was needed to be able to communicate over the MPLS connection (for those users who were onsite at 192.168.31.0 to be able to talk to the users in 192.168.32.0).  This works fine but now I have a problem were users in London want to be able to connect to the site in New York while connected via Client VPN (VPN IP is 191.193.0.100) -  I have added an ACL and included the New York IP in the split tunnel that was already created but I'm still unable to ping New York.

Anyone any ideas?
Cheers
0
Comment
Question by:minniejp
3 Comments
 
LVL 18

Accepted Solution

by:
Akinsd earned 1000 total points
ID: 40604789
I don't think you need VPN if the sites were connected by the ISP via MPLS

With that said, do you have route statements for both networks in the router and firewall.

You may need to permit the subnet in the ACL as the incoming interface would most likely have its security level set to zero. Traffic with no presence in the permitted list, whether ACL or policy maps would not be allowed in.

Do a trace route or packet trace first to identify where the traffic is stopping
0
 
LVL 12

Assisted Solution

by:Fidelius
Fidelius earned 1000 total points
ID: 40605491
Hello,

If I understand correctly, you have Remote VPN users in London connected to London firewall, and you would like to they can access New York site? Correct me if I'm wrong.
Do you terminate VPN connections and MPLS network on same physical interface?
Can you post sanitized configuration of your firewall?

If you are sure ACLs are OK, I assume problem is in routing. Do you have route for VPN addresses defined in New York router?
You need something like this:
ip route <VPN_pool> <VPN_pool_netmask> <London_FW_MPLS_interface_IP>

Regards!
0
 

Author Comment

by:minniejp
ID: 40625377
routing was the issue, route added and now working as it should.
Cheers
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There’s a movement in Information Technology (IT), and while it’s hard to define, it is gaining momentum. Some call it “stream-lined IT;” others call it “thin-model IT.”
Considering cloud tradeoffs and determining the right mix for your organization.
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question