I have a pair of ASAs on my network.
Both ASAs have their own static WAN IPs.
Internal interface IP of ASA 1 is 10.7.0.1 (it's a /24 subnet)
Internal Interface IP of ASA 2 is 10.7.0.2 (same subnet)
ASA 1 is running DHCP (scope is 10.7.0.40-100) and hands out the addresses to the servers/computers; it also has site-to-site VPNs configured and functioning between 2 of our offices.
ASA 2 has been set up for IPSEC VPN, and external clients can connect, authenticate to ASA 2, and receive an IP address from the 10.7.50.0 VPN pool that I created, but they can't ping the 10.7.0.0 subnet or access any devices on it. The VPN was set up using the ASDM Wizard and I've done this a few times in the past with no issues, so I can't figure out what's wrong in this case. It's too hard to mess up the IPSEC VPN config, so I don't think I did anything wrong there; I suspect the problem is on the other ASA.
Do I need to add a route on ASA 1 in order for traffic to route back out through ASA 2? Does ASA 1 not recognize the 10.7.50.0 subnet since it's set up on ASA 2? It's become a frustrating setup.
For more info: the WAN ports of the ASAs plug into the same modem to get out to the internet. ASA 2 has a LAN port plugged directly into one of ASA 1's LAN ports; that's how it can see devices on the LAN.
Yes. You can add a static route to ASA1. For example:
Yes. If you want automatic route updates between the two routers, you must enable one of the dynamic routing protocols (OSPF, BGP, IS-IS, RIP) on both routers.
Yes.
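The return path discussed in this thread, modelled as an added example (not code from the original posts): a longest-prefix-match lookup that traces a LAN host's reply to a VPN client with and without the static route on ASA 1. The /24 pool mask, the hosts' default gateway, the `inside` interface name and the device labels are assumptions.

```python
import ipaddress

# Constructed model of the topology in the question. Assumptions: the VPN pool
# is 10.7.50.0/24, LAN hosts use ASA 1 (10.7.0.1) as default gateway, and each
# ASA's default route points at the shared modem ("WAN").
# Only route selection is modelled, not firewall policy on either ASA.
# The modelled static route corresponds to this command on ASA 1, assuming its
# LAN interface is named "inside":  route inside 10.7.50.0 255.255.255.0 10.7.0.2

def build_tables(asa1_has_static_route):
    """Return per-device routing tables as lists of (network, next_hop)."""
    net = ipaddress.ip_network
    tables = {
        "lan-host": [(net("10.7.0.0/24"), "on-link"), (net("0.0.0.0/0"), "ASA1")],
        "ASA1": [(net("10.7.0.0/24"), "on-link"), (net("0.0.0.0/0"), "WAN")],
        "ASA2": [(net("10.7.0.0/24"), "on-link"),
                 (net("10.7.50.0/24"), "vpn-tunnel"),
                 (net("0.0.0.0/0"), "WAN")],
    }
    if asa1_has_static_route:
        tables["ASA1"].append((net("10.7.50.0/24"), "ASA2"))
    return tables

def trace(tables, device, dst, max_hops=8):
    """Follow a packet to dst hop by hop using longest-prefix match."""
    addr = ipaddress.ip_address(dst)
    path = [device]
    while device in tables and len(path) <= max_hops:
        matches = [(n, hop) for n, hop in tables[device] if addr in n]
        if not matches:
            path.append("drop: no route")
            break
        # The most specific matching prefix wins, as on a real router.
        _, device = max(matches, key=lambda m: m[0].prefixlen)
        path.append(device)
    return path

if __name__ == "__main__":
    vpn_client = "10.7.50.10"  # constructed address from the VPN pool
    for has_route in (False, True):
        path = trace(build_tables(has_route), "lan-host", vpn_client)
        print(f"static route on ASA1={has_route}: {' -> '.join(path)}")
```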