Home / server / Questions / 111406
In Process
Dave
Asked: 2010-02-10 18:51:55 +0800 CST

Route traffic on vpn to another interface on an ASA 5510

  • 772

I have a ASA 5510 that has about 60-70 vpn tunnels. I have four interfaces on the device: 1)External, 2)192.168.1.0, 3)192.168.2.0, 4) 192.168.3.0

A VPN tunnel is configured from the remote site (192.168.200.0) to the 192.168.2.0 subnet on the ASA.

I have remote applications I would like the users at the remote site to be able to access which are hosted on the 192.168.3.0 subnet.

I can route traffic between the subnets that are located on the ASA. Any way I can route traffic from the remote site to the 192.168.3.0?

vpn routing cisco-vpn cisco-asa

1 Answers

  1. The best way to do this is to expand your encryption domain to include 192.168.3.0/24 (or just 192.168.3.X/32 for all necessary X).

    For example, on your ASA 5510, you probably have an access-list like this:

    access-list to-remote extended line 1 permit ip 192.168.2.0 255.255.255.0 192.168.200.0 255.255.255.0

    Assuming your application lives on 192.168.3.5 and you want to give all of 192.168.200.0/24 access, for example, you'll want to add something like the following:

    access-list to-remote extended line 2 permit ip host 192.168.3.5 192.168.200.0 255.255.255.0

    Remember that you have to modify the encryption domain on the other side as well.

    • 1