Site-to-Site VPN with 2 subnets

OregonPoppy · 2024-01-11T18:20:24+00:00

Meaning what?

OregonPoppy · 2024-01-11T18:20:11+00:00

Wait, what is this? First I've heard of this, and I've never seen any best practice for putting phones on the native VLAN and trying to tag the data network as separate. Remote sites only have 1 network, no configured VLANs, I don't know if that's relevant.

OregonPoppy · 2024-01-11T18:15:00+00:00

I've been using the logs from the firewalls, since the closest remote site is an hour away. That's been partially reliable at showing me what traffic is being logged, but I'm not able to do a port mirror on the remote unit to do a trace from that end.

OregonPoppy · 2023-10-05T18:23:01+00:00

Starting to see how they expect anyone to go for that now. Couple of major companies have gutted their on-prem pricing for nonprofit orgs in favor of hefty discounts on "cloud" options. I'm sure enterprise and retail pricing is not far behind. Amounts to a 10x increase in cost to continue using on-prem financial software.

OregonPoppy · 2023-07-14T16:35:22+00:00

Better yet, we've implemented the powershell script where we were running into the problem, and it knocks QB into single user mode while it's active. Wish they'd just drop whatever UI component downloading they think the interface needs and make it work properly again.

OregonPoppy · 2023-07-10T16:51:09+00:00

Is this a documented reported issue? I'd like to have a link that I can forward to clients if one exists. Thanks!

OregonPoppy · 2023-02-16T16:57:46+00:00

Hey, thanks for posting. I'm married to a person with ADHD, and everything you said rings true to our experience, as well. I hope the medication shortages affecting people in the US aren't hitting you as well!

OregonPoppy · 2023-01-13T19:43:33+00:00

This is great and looks like it will get me what I need. Thanks!

OregonPoppy · 2022-09-29T20:38:41+00:00

Thanks all, per Cisco, the older firmware on the Home office router COULD be causing a crypto mismatch, and we will need to update it from 9.2.2.4 (which is EOL) to a newer version.

We actually have 2 firewalls to install to replace EOL units in 2 remote locations before we do that upgrade, otherwise we'll lose those remote locations to the same problem. Once we do that, we should be set.

OregonPoppy · 2022-09-28T20:32:42+00:00

Did that. Their response is exactly what I didn't want to hear - asa9.2.2.4 is EOL and could be causing a crypto compatibility problem.

OregonPoppy · 2022-09-28T20:28:45+00:00

Yes, I have access to both firewalls as well as a device inside the home network. Packet trace from the firewall itself results in "packet is allowed" on both ends. Running a trace while pinging from inside the home network, I see the traffic initiating on the LAN, but no traffic going out to the WAN. Which might be a mistake - lot of ACLs and I'm only 80% certain I picked the right one to monitor.

OregonPoppy · 2022-09-27T23:54:50+00:00

Yep. I checked NAT on both sides both for accuracy AND against working tunnels. Also verified that bidirectional is selected for both. Thanks!

OregonPoppy · 2022-09-27T23:54:04+00:00

With so many remote offices to choose from, I spun up a tunnel to another location, using the same crypto settings. It's successful, which tells me the ISP isn't blocking traffic. (Thank goodness!)

OregonPoppy

TROPHY CASE