
I have 2 routers set up in our office: one is an ASA5505 and one is just a smoothwall. The smoothwall has a VPN set up to a data centre rack and users access various servers at our datacentre. I am in the process of setting up the ASA5505 on a new fibre connection and wanted to know if I could route the data centre's subnet through the smoothwall's VPN connection. I have a route set up and from the ASA5505 I can ping the servers at the datacentre, however when I am on this connection myself I can't access anything.

Is there something I'm missing here? I tried various NAT rules, however I can't seem to get this to work.

Daniel
  • Just to update on this. If I add a route on my machine (route add 192.168.53.0 mask 255.255.255.0 192.168.50.252 metric 1) while connected to this Cisco gateway it works fine though obviously I don't want to have to do this. – Daniel Oct 02 '11 at 22:50

1 Answer


Add a static route on the ASA for the data center's subnet with the gateway of the Smoothwall server (which I'm assuming is 192.168.50.252).

Keith Stokes
  • I have done this already. Once I have done this I can ping the data centre servers from the ASDM interface, however not from my machine that has the ASA5505 as the gateway. Is there any other rule I am missing? – Daniel Oct 03 '11 at 00:54
  • Also if I do a packet trace from my machine's IP to any IP in the host subnet I get this error, pointing at one of the default access rules. http://imgur.com/GGez4 I have tried manually adding in rules to allow the datacentre subnet but no luck there either. – Daniel Oct 03 '11 at 00:59
  • I've done this in reverse with the ASA as the VPN endpoint. I do have a rule in the ASA allowing traffic to the remote subnet because I haven't enabled the rule bypass. You may have to do the same on your SmoothWall. If you have the gateway to your machine set to the SmoothWall, can you pass traffic? Are you sure your pings are replies from the data center and not the SmoothWall itself? – Keith Stokes Oct 03 '11 at 01:02
  • If my gateway is smoothwall I can ping everything at the datacentre. Also, I am using the ping tool with ASDM using the host name of various servers and it seems to resolve no problem. Here's an example. Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.53.85, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/10 ms. – Daniel Oct 03 '11 at 01:23
  • I should also add as soon as I remove the route I can no longer ping these servers through the ASDM interface. – Daniel Oct 03 '11 at 01:25
  • Can you create a rule allowing IP from 192.168.50.0/24 to 192.168.53.0/24? I'm more familiar with older versions of ASA and believe at some point between my "favorite" and the version you are using there's a setting to allow traffic to enter and exit on the same interface. You may need to configure. – Keith Stokes Oct 03 '11 at 01:36
  • I have worked this out :) I needed both NAT and ACL rules both in and out. – Daniel Oct 03 '11 at 01:56
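
An added example, not part of the original thread and not the configuration Daniel ended up with (the thread does not show it): one way the pieces discussed above (static route, same-interface traffic, NAT and an access rule) fit together on an ASA. It assumes the LAN interface is named `inside`, the ASA runs 8.3 or later NAT syntax, and the object names, the ACL name `inside_access_in` and the host 192.168.50.10 are made up for illustration.

```cisco
! Assumption: LAN interface is named "inside"; ASA 8.3+ syntax.

! Let traffic enter and leave on the same interface (hairpin).
! Without this the ASA drops LAN -> Smoothwall traffic that it
! would have to send back out of "inside".
same-security-traffic permit intra-interface

! Static route from the answer: data centre subnet via the Smoothwall.
route inside 192.168.53.0 255.255.255.0 192.168.50.252 1

! Hypothetical object names for the two subnets in the thread.
object network OFFICE-LAN
 subnet 192.168.50.0 255.255.255.0
object network DC-LAN
 subnet 192.168.53.0 255.255.255.0

! Hairpin PAT: office hosts are hidden behind the ASA's own inside
! address when talking to the data centre. Replies then come back
! to the ASA instead of going straight from the Smoothwall to the
! client, so the ASA sees both directions of every connection.
nat (inside,inside) source dynamic OFFICE-LAN interface destination static DC-LAN DC-LAN

! Only needed when an ACL is already bound inbound on "inside".
! Add the entry to that existing ACL (assumed name shown here).
! Binding a new one-line ACL instead would drop all other LAN
! traffic through the implicit deny at the end of the list.
access-list inside_access_in extended permit ip 192.168.50.0 255.255.255.0 192.168.53.0 255.255.255.0

! Check from the ASA CLI with a simulated packet from a LAN host
! (192.168.50.10 is a constructed address) to a data centre server.
packet-tracer input inside icmp 192.168.50.10 8 0 192.168.53.85
```

The alternative that avoids hairpinning through the firewall is to hand clients the 192.168.53.0/24 route directly, for example through DHCP, which is what the manual `route add` in the question's comment does for a single machine.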