We have;
Simple-ish network in the office, Cisco ASA 5505 and 2960-S switch, three vlans, general, DMZ and guest. 10.22.x.x/24 private network.
Site-to-site VPN to external customer internally we use 192.168.x.x/24 which via crypto maps and shiit too hard for me allows access over VPN to customer hosts.
We need to set up two more internal hosts to connect the same way but, and this is the important bit, they must NOT be able to see each other internally. We've tried them on 192.168.x.x/24 and of course they do see each other and this is causing undesirable issues.
I tried putting them in new vlans so they can't see each other locally, but I can't seem to create connection profiles with the same peer IP address (the customers VPN) as it exists already.
Is vlans they wrong way to go? Should I be looking at subnetting them out?
More info if needed!
Simple-ish network in the office, Cisco ASA 5505 and 2960-S switch, three vlans, general, DMZ and guest. 10.22.x.x/24 private network.
Site-to-site VPN to external customer internally we use 192.168.x.x/24 which via crypto maps and shiit too hard for me allows access over VPN to customer hosts.
We need to set up two more internal hosts to connect the same way but, and this is the important bit, they must NOT be able to see each other internally. We've tried them on 192.168.x.x/24 and of course they do see each other and this is causing undesirable issues.
I tried putting them in new vlans so they can't see each other locally, but I can't seem to create connection profiles with the same peer IP address (the customers VPN) as it exists already.
Is vlans they wrong way to go? Should I be looking at subnetting them out?
More info if needed!
Comment