11-16-2021 01:15 AM
Hi Team,
I have built a site-to-site VPN tunnel with the peer IP 1.1.1.1; the VPN tunnel is up and everything is working fine as expected. However, when I try to take an SSH session from the outside interface to the inside interface of the ASA, it fails, and I get the same error for any of the network devices located inside the network, like the access switches and the core switch. When the VPN tunnel is disconnected I am able to access the inside network through SSH. I assume that the ISP is blocking the SSH service; could you please suggest the steps to check the logs so that I can share them with my ISP.
Regards,
Antony Xavier
11-16-2021 01:57 AM
As per my understanding of your issue, some steps are not clear here:
1. Without VPN it works? From outside to inside? That means you have NAT outside to inside?
2. Tunnel not working outside to inside (that means you need to exempt NAT inside the tunnel for the source and destination to work?)
If you successfully access SSH without the tunnel, I do not see the ISP blocking here. The same traffic coming inside the tunnel is encrypted; the ISP is not aware of that traffic.
11-16-2021 04:33 AM
Hello,
Hard to say without seeing the configs. Make sure you have a NAT exemption configured for your VPN pool and the inside IPs; it should look something like this:
nat (outside,any) source static VPN_POOL_NET VPN_POOL_NET destination static INSIDE_NET INSIDE_NET no-proxy-arp
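As an added illustration of the NAT-exemption advice above (constructed example, not configuration from the poster or from either reply): an ASA 8.3+ fragment for the site-to-site case, with the dynamic PAT that would otherwise swallow tunnel-bound traffic placed beside the identity NAT that exempts it, plus the checks that show whether traffic is actually entering the tunnel. The object names, the 10.10.10.0/24 local network and the 192.168.50.0/24 remote network are assumed placeholders; only the peer 1.1.1.1 comes from the thread.

```cisco
! Constructed example; addressing is assumed, not taken from the thread.
object network INSIDE_NET
 subnet 10.10.10.0 255.255.255.0
 ! Object NAT (section 2): PAT for Internet-bound traffic. On its own this also
 ! rewrites traffic for the remote site, so it never matches the crypto ACL.
 nat (inside,outside) dynamic interface
object network REMOTE_NET
 subnet 192.168.50.0 255.255.255.0
!
! Identity (twice) NAT in section 1, evaluated before the object NAT above, so
! inside<->remote traffic crosses the tunnel untranslated in both directions.
! no-proxy-arp stops the ASA answering ARP for the remote subnet; route-lookup
! makes it forward by routing table instead of by the NAT rule's egress interface.
nat (inside,outside) source static INSIDE_NET INSIDE_NET destination static REMOTE_NET REMOTE_NET no-proxy-arp route-lookup
!
! Permit SSH from the remote site's subnet to the ASA's inside interface address.
ssh 192.168.50.0 255.255.255.0 inside
! Needed when managing the ASA on an interface other than the one terminating
! the VPN: lets a session arriving over the tunnel target the inside IP.
management-access inside
!
! Verification: the exemption's translate_hits should rise with tunnel traffic,
! and the SA's encaps/decaps counters show packets actually crossing the tunnel.
show nat detail
show crypto ipsec sa peer 1.1.1.1
```

If the exemption's hit counter stays at zero while the PAT rule's counter climbs, the traffic is being translated before it reaches the tunnel, which points at the ASA rather than at the ISP.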