jav_sevenofnine
2 Networks over 1 VPN tunnel
Hi Experts,
I have a question regarding the following.
We have a customer with two VLANs but 1 public IP.
Is it possible to exempt 2 inside networks over 1 VPN tunnel?
We are using the following ASA version: 9.4(1) and ASDM: 7.5(1).
I think the exempts are not configured correctly. Can you guys give me an example?
Our inside networks are as follows.
Educational network (City - Hilversum) : 192.168.102.x
Educational network (City - Eindhoven) : 192.168.100.x
Administrative network (City - Hilversum) : 10.100.100.x
Administrative network (City - Eindhoven) : 192.168.20.x
We have one tunnel with these two networks.
But there is no traffic going through it.
Can anyone give us some advice?
Thanks in advance
Robin Derksen
Screenshot-1.PNG
screenshot-2.PNG
screenshot-3.PNG
screenshot-4.PNG
Make groups for your objects:
VPN01-Local-group (yours)
VPN01-Peer-group (theirs)
Into those, place your network objects (usually subnets, but it could be several individual addresses).
Makes it much easier to make changes later.
Never used the wizard. There is a config section for site-to-site VPNs.
I don't know about the specific equipment but it may be easier to set up a VPN for each LAN pair.
Maybe it can be easier than that but this should surely work.
You don't need separate VPN tunnels. You can shove an entire /16 or two or three in the same tunnel. No practical limit, unless subnet addressing overlaps.
I have a VPN tunnel carrying one /24 on one side, and three /16 + a handful of /24 on the other side.
You need to create groups (100% identical on both sides) and set the routes properly at your core routers to hit the VPN router, and not go to the default route to the internet.
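The group-based approach from the answers above, written out as ASA 9.x CLI for the Hilversum side. This is an added example, not taken from any post or from the asker's actual configuration. The group names come from the first answer; the /24 masks, the interface names `inside` and `outside`, the object names and the crypto map name `OUTSIDE-MAP` with sequence 10 are assumptions.

```cisco
! Added example. Hilversum is treated as the local side.
! Assumed: /24 masks, interfaces "inside"/"outside", crypto map OUTSIDE-MAP seq 10.
object network EDU-HILVERSUM
 subnet 192.168.102.0 255.255.255.0
object network ADM-HILVERSUM
 subnet 10.100.100.0 255.255.255.0
object network EDU-EINDHOVEN
 subnet 192.168.100.0 255.255.255.0
object network ADM-EINDHOVEN
 subnet 192.168.20.0 255.255.255.0
!
object-group network VPN01-Local-group
 network-object object EDU-HILVERSUM
 network-object object ADM-HILVERSUM
object-group network VPN01-Peer-group
 network-object object EDU-EINDHOVEN
 network-object object ADM-EINDHOVEN
!
! Interesting traffic: one ACL line covers every local/peer subnet pair.
access-list VPN01-crypto extended permit ip object-group VPN01-Local-group object-group VPN01-Peer-group
!
! NAT exemption (identity twice NAT). Manual NAT like this is evaluated
! before object NAT, so it takes effect ahead of an object-based PAT rule.
! If the second VLAN sits behind a different interface, repeat the rule
! with that interface name in place of "inside".
nat (inside,outside) source static VPN01-Local-group VPN01-Local-group destination static VPN01-Peer-group VPN01-Peer-group no-proxy-arp route-lookup
!
! Bind the ACL to the existing crypto map entry for this peer.
crypto map OUTSIDE-MAP 10 match address VPN01-crypto
!
! Eindhoven ASA: same objects, with the members of the two groups swapped,
! so its crypto ACL and NAT exemption are the exact mirror of the above.
```

`show crypto ipsec sa` lists a separate SA for each local/peer subnet pair; encrypt counters that rise while decrypt counters stay at zero point to a missing exemption or return route on the other side.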
ASKER
I rather have a quicker response. We almost every time solve our own questions.
ASKER
Forgot to say that the VPN connection is up, but there is only one-way transfer.
screenshot-5.PNG