Beginner

Routing issue for remote vpn user and spoke

Hi all,

I have configured a VPN (see attached file).

Before upgrading the ASA from 8.3 to 8.4, the spokes were able to communicate with each other, and remote VPN users were also able to access the spoke site.

After upgrading the hub ASA, neither spoke-to-spoke nor remote-user-to-spoke traffic can communicate.

Here is the NAT exemption configuration on the hub ASA. Only this ASA has been upgraded; nothing has been done on the other sites.

object network 172.17.8.0
 subnet 172.17.8.0 255.255.255.0
object network 10.100.96.0
 subnet 10.100.96.0 255.255.240.0
object network VPN-SUBNET
 subnet 172.20.1.0 255.255.255.0

nat (outside,outside) source static 172.17.8.0 172.17.8.0 destination static 10.100.96.0 10.100.96.0
nat (outside,outside) source static 10.100.96.0 10.100.96.0 destination static 172.17.8.0 172.17.8.0
nat (outside,outside) source static VPN-SUBNET VPN-SUBNET destination static 10.100.96.0 10.100.96.0
nat (outside,outside) source static VPN-SUBNET VPN-SUBNET destination static 172.17.8.0 172.17.8.0

same-security-traffic permit intra-interface
same-security-traffic permit inter-interface

Please, do you know what the problem can be?

Thanks so much for your help.

1 REPLY
Cisco Employee

Routing issue for remote vpn user and spoke

Since you are not NATing any of that traffic and it's U-turn traffic, please remove those 4 NAT statements. They are not required at all.

Please "clear xlate" after removing them and let us know how it goes.
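A small audit script for the situation in this thread, added here as an example and not part of either post: it flags identity twice-NAT rules whose real and mapped interfaces are the same (the four statements the reply says to remove), checks that intra-interface traffic is permitted, and builds the removal commands. The function names and the `(inside,outside)` sample line are assumptions made for the example.

```python
import re

# Constructed sample: the hub NAT lines quoted in the question, plus one
# hypothetical (inside,outside) rule that must NOT be flagged.
SAMPLE_CONFIG = """\
nat (outside,outside) source static 172.17.8.0 172.17.8.0 destination static 10.100.96.0 10.100.96.0
nat (outside,outside) source static 10.100.96.0 10.100.96.0 destination static 172.17.8.0 172.17.8.0
nat (outside,outside) source static VPN-SUBNET VPN-SUBNET destination static 10.100.96.0 10.100.96.0
nat (outside,outside) source static VPN-SUBNET VPN-SUBNET destination static 172.17.8.0 172.17.8.0
nat (inside,outside) source static LAN LAN destination static VPN-SUBNET VPN-SUBNET
same-security-traffic permit intra-interface
"""

NAT_RE = re.compile(
    r"^nat \((?P<real_if>[^,]+),(?P<mapped_if>[^)]+)\) source static "
    r"(?P<src_real>\S+) (?P<src_mapped>\S+) destination static "
    r"(?P<dst_real>\S+) (?P<dst_mapped>\S+)"
)

def find_uturn_identity_nat(config):
    """Twice-NAT lines that translate nothing and hairpin on one interface."""
    hits = []
    for raw in config.splitlines():
        line = raw.strip()
        m = NAT_RE.match(line)
        if not m:
            continue
        same_if = m["real_if"] == m["mapped_if"]
        identity = (m["src_real"] == m["src_mapped"]
                    and m["dst_real"] == m["dst_mapped"])
        if same_if and identity:
            hits.append(line)
    return hits

def hairpin_permitted(config):
    """U-turn traffic needs this exact command, hyphens included."""
    wanted = "same-security-traffic permit intra-interface"
    return any(l.strip() == wanted for l in config.splitlines())

def removal_commands(config):
    """'no' form of each flagged rule, then the xlate flush the reply asks for."""
    cmds = ["no " + line for line in find_uturn_identity_nat(config)]
    return cmds + ["clear xlate"] if cmds else cmds

if __name__ == "__main__":
    print("intra-interface permitted:", hairpin_permitted(SAMPLE_CONFIG))
    print("\n".join(removal_commands(SAMPLE_CONFIG)))
```

Review the generated commands against the running configuration before pasting them into the hub ASA.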
