Cisco: Site-to-site VPN with Cisco 878 and ASA weirdness

Posted by cpf on Server Fault
Published on 2010-03-23T13:23:08Z

I currently have 2 sites, both connected to each other through 2 firewalls / routers in a site-to-site VPN. Pinging from server to server (using 2mb/2mb SDSL) through that VPN obviously works; however, at one site, we have another internet connection (7m/400k ADSL), and only the link between the two sites should be on the other connection. All PCs should go over the other connection for internet; just communication between servers and communication between PCs and the server at the other side should go through there too.

What is configured at the moment is the server is using the SDSL directly as default gateway. Since it's not intended to surf anything it is a safe config.

PCs are configured on the ADSL as default gateway. Now I wanted to route through everything that uses the range used on the other site; it should be sent from the ADSL modem to the SDSL modem, which has the VPN connection.

I figured I could use OSPF to do so; however, OSPF doesn't seem to "detect" the range of the external site. Also (due to bad IP subnetting thanks to the other administrator), the IP used internally as the server on the other site also exists on the internet (causing a lot of confusion), so RDP-ing from our server to the server of the other site works (somehow), but tracerouting on the SDSL router (which should actually, in my opinion, go over the VPN) actually goes all over the internet.

My question(s):

  • Why doesn't the SDSL router ping the external IP through VPN, but the server does?
  • Why can't I route from the ADSL router to the SDSL over VPN?

I would seriously appreciate some help, since I can't figure out why it does it like this.
