  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 236

Cisco ASA 5505 and Cisco Router

Hi,
I have two sites, Site A (192.168.31.0) and Site B (192.168.32.0).  One site is in London and the second is in New York.  They are both connected via an MPLS connection.  The site in London has its gateway as the firewall (192.168.31.1) (the MPLS router is the gateway in New York) and therefore hairpinning was needed to be able to communicate over the MPLS connection (for those users who were onsite at 192.168.31.0 to be able to talk to the users in 192.168.32.0).  This works fine, but now I have a problem where users in London want to be able to connect to the site in New York while connected via Client VPN (VPN IP is 191.193.0.100). I have added an ACL and included the New York IP in the split tunnel that was already created, but I'm still unable to ping New York.

Anyone any ideas?
Cheers
Asked: minniejp
 
Akinsd, Network Administrator, Commented:
I don't think you need VPN if the sites were connected by the ISP via MPLS.

With that said, do you have route statements for both networks in the router and firewall?

You may need to permit the subnet in the ACL, as the incoming interface would most likely have its security level set to zero. Traffic with no presence in the permitted list, whether ACL or policy maps, would not be allowed in.

Do a trace route or packet trace first to identify where the traffic is stopping.
 
Fidelius Commented:
Hello,

If I understand correctly, you have remote VPN users in London connected to the London firewall, and you would like them to be able to access the New York site? Correct me if I'm wrong.
Do you terminate VPN connections and the MPLS network on the same physical interface?
Can you post a sanitized configuration of your firewall?

If you are sure the ACLs are OK, I assume the problem is in routing. Do you have a route for the VPN addresses defined in the New York router?
You need something like this:
ip route <VPN_pool> <VPN_pool_netmask> <London_FW_MPLS_interface_IP>

Regards!
 
minniejp (Author) Commented:
Routing was the issue; route added and now working as it should.
Cheers
Question has a verified solution.
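
The return-path problem identified in this thread, modelled as an added example that is not part of the original posts: a longest-prefix-match lookup over a constructed New York routing table shows where replies to the VPN client go before and after the suggested `ip route` is added. The /24 masks, the next-hop addresses and the presence of a default route in New York are assumptions; only 191.193.0.100 and the two site networks come from the question.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: next hop for dst, or None if no route matches."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None

def missing_return_routes(table, hosts, expected_hop):
    """Hosts whose replies would NOT be sent back towards expected_hop."""
    return [h for h in hosts if lookup(table, h) != expected_hop]

VPN_CLIENT = "191.193.0.100"     # from the question
LONDON_HOST = "192.168.31.50"    # constructed host on the London LAN
VPN_POOL = "191.193.0.0/24"      # assumed mask for <VPN_pool>
LONDON_FW_MPLS = "10.255.0.1"    # constructed stand-in for <London_FW_MPLS_interface_IP>
NY_DEFAULT_GW = "10.255.0.254"   # constructed default gateway in New York

# Constructed New York routing table before the fix: London LAN is routed,
# the VPN pool is not, so replies to VPN clients follow the default route.
NY_ROUTES_BEFORE = [
    ("192.168.32.0/24", "connected"),
    ("192.168.31.0/24", LONDON_FW_MPLS),
    ("0.0.0.0/0", NY_DEFAULT_GW),
]

# After adding: ip route <VPN_pool> <VPN_pool_netmask> <London_FW_MPLS_interface_IP>
NY_ROUTES_AFTER = NY_ROUTES_BEFORE + [(VPN_POOL, LONDON_FW_MPLS)]

if __name__ == "__main__":
    sources = [LONDON_HOST, VPN_CLIENT]
    for label, table in (("before", NY_ROUTES_BEFORE), ("after", NY_ROUTES_AFTER)):
        for src in sources:
            print(f"{label}: reply to {src} -> {lookup(table, src)}")
        print(f"{label}: no return route for {missing_return_routes(table, sources, LONDON_FW_MPLS)}")
```
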