08-31-2011 07:23 AM - edited 03-04-2019 01:27 PM
Hi all-
Attached is the network diagram.
We have a few sites using site-to-site IPSec VPN tunnels, and they are all connected back to a Cisco ASA in our HQ. The hosts from one of the VPN sites (Site A) access the hosts in the other VPN sites (Site B in the diagram) without any issues, but we have one site (Site D in the diagram) that is using GRE over IPSec; we are using a router-to-router setup, and in HQ the router is connected to the Cisco ASA. The hosts in the local site (Site C in the diagram) can access the hosts in Site D without any issues, but the hosts in Site A or Site B are not able to access any hosts in Site C. If we generate traffic in Site D to the hosts in Site A or B, the hosts are able to access Site D; also, we need to generate traffic from each host in Site D, e.g. if we don't generate traffic from host #1 in Site D, the hosts in Site A or B won't be able to access host #1 in Site D. Any idea?
Regards,
Joe
08-31-2011 07:55 PM
Hi,
As far as I understand, you can only initiate the tunnel from Site D (not from Site A or B); is that correct?
Are you using dynamic IPs on the outside interfaces?
Can you share a bit more information of the scenario to try to help you out?
Federico.
08-31-2011 09:13 PM
Hi Joe,
The fact that you can access sites A and B from D makes me wonder if there is any rule in your firewall blocking sites A and B from accessing site D.
Try to run packet tracer and see if there is any rule blocking your traffic.
Cheers,
Fabio
09-02-2011 07:44 AM
Thank you guys, I just found that there is a nat'ing issue on the ASA.