Static (inside,remotesite) 10.1.1.100 10.1.1.100 netmask 255.255.255.255Īccess-group ingress in interface InternetĪccess-group remotesite in interface remotesite Nat (inside) 0 access-list inside_nat0_outbound Icmp unreachable rate-limit 1 burst-size 1 Same-security-traffic permit inter-interface I've narrowed the problem down to something on this ASA that isn't allowing these private LANs to communicate however I have no idea what it is. It can't ping the main site LAN gateway and it can't ping anything on the public internet. The remote site as we stand now is able to ping the other end of the serial IP (10.1.1.1) but that's it. I.E both LANs need to be able to talk to eachother. The idea in this case is to have the remote site send all data back to the ASA5505 (think of the VC as one long cable connecting the two) and the ASA will handle the actual public internet connectivity as well as allowing connectivity to their private LAN (to access servers). This tells me that the Route commands are all set up fine as well as NAT translations to the public internet. The main site and the remote site are both separate LAN subnets, with a third subnet acting as a serial between the two locations.Īt our main site, the ASA can access the public internet just fine, it can also ping to the gateway address on the 1921 (for their lan10.34.60.245: below) and receive a reply. From our ISP, two vlans come into the ASA (one for public internet traffic, one for the remote site, set up as a VC). The ASA 5505 acting as an edge device at our main site. Out setup consists of two locations, one ASA 5505 (security license) \ at our main site and the other is a remote site with a cisco 1921 acting as the edge device. Hi everyone, I was hoping that I could get some help for an issue we are having and i'm about to rip my hair out.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |