Solved

Cisco ASA 5505 and Cisco Router

Posted on 2015-02-11
3
187 Views
Last Modified: 2015-02-23
Hi,
I have two sites (Site A - 192.168.31.0) and Site B - (192.168.32.0).  One site is in London and the second is in New York.  They are both connected via an MPLS connection.  The site in London has its gateway as the firewall (192.168.31.1) (MPLS router is the gateway in New York) and therefore hairpining was needed to be able to communicate over the MPLS connection (for those users who were onsite at 192.168.31.0 to be able to talk to the users in 192.168.32.0).  This works fine but now I have a problem were users in London want to be able to connect to the site in New York while connected via Client VPN (VPN IP is 191.193.0.100) -  I have added an ACL and included the New York IP in the split tunnel that was already created but I'm still unable to ping New York.

Anyone any ideas?
Cheers
0
Comment
Question by:minniejp
3 Comments
 
LVL 18

Accepted Solution

by:
Akinsd earned 250 total points
ID: 40604789
I don't think you need VPN if the sites were connected by the ISP via MPLS

With that said, do you have route statements for both networks in the router and firewall.

You may need to permit the subnet in the ACL as the incoming interface would most likely have its security level set to zero. Traffic with no presence in the permitted list, whether ACL or policy maps would not be allowed in.

Do a trace route or packet trace first to identify where the traffic is stopping
0
 
LVL 12

Assisted Solution

by:Fidelius
Fidelius earned 250 total points
ID: 40605491
Hello,

If I understand correctly, you have Remote VPN users in London connected to London firewall, and you would like to they can access New York site? Correct me if I'm wrong.
Do you terminate VPN connections and MPLS network on same physical interface?
Can you post sanitized configuration of your firewall?

If you are sure ACLs are OK, I assume problem is in routing. Do you have route for VPN addresses defined in New York router?
You need something like this:
ip route <VPN_pool> <VPN_pool_netmask> <London_FW_MPLS_interface_IP>

Regards!
0
 

Author Comment

by:minniejp
ID: 40625377
routing was the issue, route added and now working as it should.
Cheers
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Sonicwall routing between VPNs 5 26
eBGP policy and ACL in interface 7 29
OSPF Question 12 17
EIGRP Configuration 2 14
At the beginning of the year, the IT world was taken hostage by the shareholders of LogMeIn. Their free product, which had been free for ten years, all of the sudden became a "pay" product. Now, I am the first person who will say that software maker…
Local Printing Using Remote Desktop Windows 7 sometimes has issues with printing to a local printer using a Remote Desktop Connection (RDC). The 1st step is to verify that printers are checked on the Local Resources tab of the Remote Desktop C…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now