In the most recent ASA config you provided, I have simplified it and broken it down so we can easily see what is going on. However, in your config I don't see the Thorman config.

Note: I also notice you gave us the config from your secondary firewall. It could be that all the config is on the Active firewall and is not synced to the secondary firewall.

============================================
!
object-group network Noverton-local
 network-object 10.99.206.0 255.255.255.0
 network-object 192.168.142.0 255.255.255.0
object-group network Noverton-remote
 network-object 10.20.4.0 255.255.255.0
!
access-list 181.49.11.243_Noverton extended permit ip object-group Noverton-local object-group Noverton-remote
!
nat (inside,outside) source static Noverton-local Noverton-local destination static Noverton-remote Noverton-remote
!
crypto map external-vpns 320 match address 181.49.11.243_Noverton
crypto map external-vpns 320 set peer 181.49.11.243
crypto map external-vpns 320 set ikev1 transform-set ESP-AES-256-SHA
crypto map external-vpns 320 set security-association lifetime seconds 28800
crypto map external-vpns 320 set security-association lifetime kilobytes 4608000
!
===============================================================

Now, if I go back to your first 2 posts, you provided some of the config of your firewall. As I already said, in the recent post I cannot find the Thorman config, so I am relying on the old information we have. Here is what I found.

! Problematic -------
object-group network thorman-local
 network-object 10.99.206.0 255.255.255.0
 network-object 10.99.240.0 255.255.255.0
 network-object 10.99.241.0 255.255.255.0
 network-object 10.99.242.0 255.255.255.0
 network-object 10.99.243.0 255.255.255.0
 network-object 10.1.0.0 255.255.0.0
 network-object 10.2.0.0 255.255.0.0
 network-object 10.20.3.0 255.255.255.0
 network-object 10.20.4.0 255.255.255.0
 network-object 10.20.12.0 255.255.255.0
 network-object 10.20.5.0 255.255.255.0
!
object-group network thorman-remote
 network-object 192.168.142.0 255.255.255.0
!
nat (inside,outside) source static thorman-local thorman-local destination static thorman-remote thorman-remot
!
access-list incoming-outside extended permit ip object-group thorman-remote object-group Noverton-remote
!
crypto map external-vpns 600 match address thorman   <--- PROBLEM: I cannot find the thorman. Where is the access-list for that?
crypto map external-vpns 600 set pfs
crypto map external-vpns 600 set peer 135.176.20.84 135.177.156.235
crypto map external-vpns 600 set ikev1 transform-set AES-128-SHA
crypto map external-vpns 600 set security-association lifetime seconds 3600
crypto map external-vpns 600 set security-association lifetime kilobytes 4608000
!
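The missing-reference check done by hand in the post above can be automated. The following is an added example, not part of the original post: a small Python audit that flags crypto map entries whose `match address` access-list is not defined, and NAT/ACL references to undefined object-groups. The function name `audit` is hypothetical, the sample is trimmed from the configuration quoted in the post, and it assumes every name in a `nat ... static` pair is an object-group rather than an `object network`.

```python
import re

# Sample input: lines trimmed from the configuration quoted in the post above.
SAMPLE = """\
object-group network Noverton-local
 network-object 10.99.206.0 255.255.255.0
object-group network Noverton-remote
 network-object 10.20.4.0 255.255.255.0
access-list 181.49.11.243_Noverton extended permit ip object-group Noverton-local object-group Noverton-remote
nat (inside,outside) source static Noverton-local Noverton-local destination static Noverton-remote Noverton-remote
crypto map external-vpns 320 match address 181.49.11.243_Noverton
crypto map external-vpns 320 set peer 181.49.11.243
object-group network thorman-local
 network-object 10.99.206.0 255.255.255.0
object-group network thorman-remote
 network-object 192.168.142.0 255.255.255.0
nat (inside,outside) source static thorman-local thorman-local destination static thorman-remote thorman-remot
crypto map external-vpns 600 match address thorman
crypto map external-vpns 600 set peer 135.176.20.84 135.177.156.235
"""

def audit(config):
    """Return (crypto map entries with an undefined ACL, undefined group names)."""
    acls, groups, acl_refs, group_refs = set(), set(), [], set()
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"object-group network (\S+)", line):
            groups.add(m.group(1))                      # group definition
        elif m := re.match(r"access-list (\S+) ", line):
            acls.add(m.group(1))                        # ACL definition
            group_refs.update(re.findall(r"object-group (\S+)", line))
        elif m := re.match(r"crypto map (\S+) (\d+) match address (\S+)", line):
            acl_refs.append((m.group(1), int(m.group(2)), m.group(3)))
        elif line.startswith("nat "):
            # Assumption: names after "static" are object-groups, not objects.
            for pair in re.findall(r"static (\S+) (\S+)", line):
                group_refs.update(n for n in pair if n not in ("any", "interface"))
    missing_acl = [r for r in acl_refs if r[2] not in acls]
    return missing_acl, sorted(group_refs - groups)

if __name__ == "__main__":
    missing_acl, missing_groups = audit(SAMPLE)
    for name, seq, acl in missing_acl:
        print(f"crypto map {name} {seq}: access-list '{acl}' is not defined")
    for g in missing_groups:
        print(f"object-group '{g}' is referenced but not defined")
```

Run it against the full running config of the Active unit, since a partial paste or an unsynced secondary will produce false findings.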