Cisco 5510 -> 878 site-to-site VPN

[stickymicky27]

My vpn is up and running as per normal but what I can't do is from site A get to site B's LAN port and vica versa?

10.0.0.1 (SITE A LAN) network 10.0.0.0/24 (Cisco ASA 5510)
20.0.0.1 (SITE B LAN) netowrk 20.0.0.0/24 (Cisco 878)

Ping 20.0.0.1 from any address from 10.0.0.0/24 doesn't work!
Ping 10.0.0.1 from any address from 20.0.0.0/24 doesn't work!

I think the issue is with access rules/firewall as i have intr-interfacing traffic enabled?

Anyone help?

 

[PScottC]

Are you trying to ping from the consoles of the ASA or 878? If yes, then you have to do an extended ping and choose the source interface. Routers and Firewalls, by default, choose the closest interface to the destination address.

In the case of the ASA, a ping to site B would always go from the Outside interface. The traffic going out in this manner would never be put into the VPN tunnel.

Here's a sample from my firewall...

FW01> [red]ping 192.168.2.1[/red]
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
?????
Success rate is 0 percent (0/5)

FW01> [red]ping[/red]
Interface: [red]inside[/red]
Target IP address: [red]192.168.2.1[/red]
Repeat count: [5]
Datagram size: [100]
Timeout in seconds: [2]
Extended commands [n]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/60/60 ms

PSC
[—] CCNP[sub][blue]x3[/blue][/sub] (Security/R&S/Wireless) [•] MCITP: Enterprise Admin [•] MCSE [—]

Governments and corporations need people like you and me. We are samurai. The keyboard cowboys. And all those other people out there who have no idea what's going on are the cattle. Mooo! --from "Hackers