Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > Ping from ASA to remote network over VPN

Reply
Thread Tools

Ping from ASA to remote network over VPN

 
 
P1
Guest
Posts: n/a
 
      06-01-2009
Site-to-site VPN between two ASAs. From the ASA, I can't ping hosts on
the remote network, other side of the site-to-site. I would like to be
able to upload the config (write net) to a tftp server there.

Thanks,
Paul
 
Reply With Quote
 
 
 
 
Brian V
Guest
Posts: n/a
 
      06-01-2009

"P1" <(E-Mail Removed)> wrote in message
news:4a24475e$0$2698$(E-Mail Removed)...
> Site-to-site VPN between two ASAs. From the ASA, I can't ping hosts on
> the remote network, other side of the site-to-site. I would like to be
> able to upload the config (write net) to a tftp server there.
>
> Thanks,
> Paul


management-access inside on both ASA's. That will allow you to
connect/ping/tftp to the inside interfaces from the opposite LAN's

 
Reply With Quote
 
 
 
 
P1
Guest
Posts: n/a
 
      06-02-2009
Artie Lange wrote:
> P1 wrote:
>> Site-to-site VPN between two ASAs. From the ASA, I can't ping hosts
>> on the remote network, other side of the site-to-site. I would like
>> to be able to upload the config (write net) to a tftp server there.
>>
>> Thanks,
>> Paul

>
>
> Must create ACL. You have chosen to check ACL for VPN traffic
>
>
> access-list OUTSIDE_access_in extended permit ip 172.16.1.0
> 255.255.255.0 192.168.0.0 255.255.255.0
>
> general allow IP rule, source is remote network to local network
> customize for icmp


I was unsuccessful... Partial configs below, public IPs changed to
protect the innocent...

FIREWALL 1:
!
interface Ethernet0/0
nameif outside
security-level 0
ip address 68.40.247.2 255.255.255.0
no igmp
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 192.168.30.1 255.255.255.0
!
access-list outside extended permit ip 172.16.1.0 255.255.255.0
192.168.30.0 255.255.255.0
!

FIREWALL 2:
!
interface Ethernet0/0
speed 100
duplex full
nameif outside
security-level 0
ip address 208.206.113.196 255.255.255.224
!
interface Ethernet0/1
speed 100
duplex full
nameif inside
security-level 100
ip address 172.16.1.1 255.255.255.0
!
access-list outside extended permit ip 192.168.30.0 255.255.255.0
172.16.1.0 255.255.255.0
!

Thanks again,
Paul
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
One remote network - two VPN tunnels on cisco ASA mayureshjo Computer Support 0 03-06-2009 07:22 AM
ASA 5520 VPN client cannot ping inside network moranwa@gmail.com Cisco 2 07-30-2008 05:14 PM
VOIP over VPN over TCP over WAP over 3G Theo Markettos UK VOIP 2 02-14-2008 03:27 PM
VPN site to site & Remote access VPN ( vpn client) over the same interface pasatealinux Cisco 1 12-17-2007 07:41 PM
ASA 5505 as hardware vpn client to PIX 501 or ASA 5505 with network extension mode activated bjorn@kumlait.se Cisco 1 06-17-2007 12:43 PM



Advertisments