IvanY
asked on
ASA 5510 - IPsec access to all Vlans
I have 2 internal interfaces: inside and voice
When I do a Site-to-Site IPsec tunnel, it asks me which internal network I want to connect to. I need to connect to both. Do I need 2 tunnels or is there some creative routing?
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address xxxxxxxxxxxx 255.255.255.240
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 172.22.35.11 255.255.255.0
!
interface Ethernet0/2
 nameif voice
 security-level 100
 ip address 10.0.1.3 255.255.255.0
!
The remote network is 10.1.6.0/24 and it has full access to voice (10.0.1.0/24)
ASKER
I had this statement:
access-list outside_cryptomap_2 extended permit ip 10.0.1.0 255.255.255.0 10.1.6.0 255.255.255.0
added this:
access-list outside_cryptomap_2 extended permit ip 172.22.35.0 255.255.255.0 10.1.6.0 255.255.255.0
For NAT I had this:
nat (voice,outside) source static any any destination static ipsec_obj_10.1.6.0_24 ipsec_obj_10.1.6.0_24 no-proxy-arp route-lookup
added this:
nat (inside,outside) source static any any destination static ipsec_obj_10.1.6.0_24 ipsec_obj_10.1.6.0_24 no-proxy-arp route-lookup
Nothing - anything else?