
I have the following situation:

Client subnet(192.168.0.0 /24) ----> Router ----> Internet ----> 
           ASA(172.17.0.2 /24) ----> 
       (172.17.0.1 /24)Gateway ----> (10.0.0.0 /8)Many subnets 

I need to logically connect the client subnet to the "many subnets". On the left side I have a Cisco 2901 and on the other an ASA. I built an IPsec connection between the router and the ASA. The IPsec connection itself works but I cannot access any address behind the gateway. The local network of the IPsec connection is the 10.0.0.0/8 network.

The ASA doesn't get it that it has to route the traffic through the gateway (172.17.0.1). I already set a default route on the inside interface to 10.0.0.0 255.0.0.0.0 172.17.0.1 but that doesn't work...

How can I tell the ASA that it has to route all traffic through the gateway?

FrediWeber

1 Answer

You need to add the "many subnets" to your protected network.

The router should have 192.168.0.0/24 as its protected network. The ASA should have the "many subnets" as its protected networks.

Also, unless you checked the "Do not translate VPN traffic", you will need to add a NAT rule in the ASA (172.17.0.2) in order to let the VPN traffic traverse the ASA.

Your NAT rule should be a static one if you need both sides to initiate a connection.

Alex
  • The problem is that the traffic doesn't get routed to the gateway. I see the incoming traffic in the logs on the ASA. The traffic just doesn't get routed to the gateway. – FrediWeber Mar 28 '13 at 07:50
  • Does the ASA have an interface with an IP within the 172.17.0.1/24 subnet? – Alex Mar 28 '13 at 16:40
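To make the answer concrete, here is an added example configuration (written by the editor, not posted by anyone in the thread) that puts the three pieces together on the topology from the question: the crypto ACL covering 10.0.0.0/8 on the ASA side and its mirror on the router, a static identity (NAT-exemption) rule so the tunnel traffic is not translated, and a route for 10.0.0.0/8 via the 172.17.0.1 gateway. The object and crypto-map names, the placeholder peer address and the transform-set name are assumptions; the addresses come from the question. ASA 8.3+ NAT syntax is shown; the IOS side assumes IKEv1 with a pre-existing ISAKMP policy.

```cisco
! ===== ASA (inside 172.17.0.2/24, gateway 172.17.0.1) =====
! Names below are assumed for illustration; addresses are from the question.
object network LOCAL-10-NET
 subnet 10.0.0.0 255.0.0.0
object network REMOTE-CLIENT-NET
 subnet 192.168.0.0 255.255.255.0

! Protected ("interesting") traffic: the whole 10.0.0.0/8 behind the
! gateway, not just the ASA's own 172.17.0.0/24 segment.
access-list VPN-TO-BRANCH extended permit ip object LOCAL-10-NET object REMOTE-CLIENT-NET

! Static identity NAT == the ASDM "Do not translate VPN traffic" box.
! A static rule lets either side initiate; route-lookup keeps the ASA
! using its routing table for the return path instead of the NAT mapping.
nat (inside,outside) source static LOCAL-10-NET LOCAL-10-NET destination static REMOTE-CLIENT-NET REMOTE-CLIENT-NET no-proxy-arp route-lookup

! Route decrypted traffic for 10.0.0.0/8 out the inside interface to the
! gateway. This is a normal static route, not a default route; the
! default route must remain pointed at the outside/Internet next hop.
route inside 10.0.0.0 255.0.0.0 172.17.0.1 1

! Crypto map entry tied to the protected-network ACL above.
! <ROUTER-PUBLIC-IP> and ESP-AES-SHA are placeholders.
crypto ipsec ikev1 transform-set ESP-AES-SHA esp-aes esp-sha-hmac
crypto map OUTSIDE-MAP 10 match address VPN-TO-BRANCH
crypto map OUTSIDE-MAP 10 set peer <ROUTER-PUBLIC-IP>
crypto map OUTSIDE-MAP 10 set ikev1 transform-set ESP-AES-SHA
crypto map OUTSIDE-MAP interface outside

! ===== Cisco 2901 (client side, 192.168.0.0/24) =====
! Mirror image of the ASA's protected networks (wildcard masks on IOS).
access-list 110 permit ip 192.168.0.0 0.0.0.255 10.0.0.0 0.255.255.255

! If the router also does PAT for Internet access, exempt the VPN traffic
! from that translation or it never matches the crypto ACL.
ip access-list extended NONAT
 deny   ip 192.168.0.0 0.0.0.255 10.0.0.0 0.255.255.255
 permit ip 192.168.0.0 0.0.0.255 any
```

Two checks that separate "tunnel is up" from "traffic is forwarded": `show crypto ipsec sa` on the ASA should show both `#pkts encaps` and `#pkts decaps` increasing for the 10.0.0.0/8 <-> 192.168.0.0/24 pair, and `packet-tracer input outside icmp 192.168.0.10 8 0 10.1.2.3` walks a simulated decrypted packet through the ACL, NAT and routing phases and names the phase that drops it, which is exactly the symptom described in the comments (traffic visible in the logs but never leaving toward 172.17.0.1). On the gateway side, 10.0.0.0/8 hosts also need a return route for 192.168.0.0/24 pointing at 172.17.0.2, or replies will never reach the ASA.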