06-04-2012 08:10 AM
I have set up an ASA 5505 with multiple subnets (Plus licence)
and a VPN tunnel (IPsec) between this and another ASA at a second branch office (multiple VLANs).
Now I need to route only two VLANs from the first site to reach some of the second branch's networks.
Let's call them:
Branch 1
A - 172.16.4.0/24
B - 172.16.2.0/24
Branch 2
C - 10.10.10.0/24
D - 10.20.10.0/24
E - 10.66.10.0/24
The tunnel is OK from A to C, D and E,
but from B to C, D and E it won't come up.
Pinging is unsuccessful, as is all other traffic.
The connection profile is set up to have both A and B as local networks,
and A and B at the moment share the same access rules configuration.
Logs show firewall 1 lets traffic pass and builds connections, without denies, but the remote firewall does not receive a single packet from the source IP from network B.
Any idea?
06-04-2012 08:27 PM
Does the remote branch have the same mirror-image access-list for network B as well?
What about NAT exemption on branch 1, have you included network B?
06-05-2012 12:13 AM
Yesterday I found the issue: only network A was in the NAT rules while B was not...
So I assume you are right.
However, thank you very much!!
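
An added example, not part of the original thread: a small offline check for the two questions raised in the reply, namely whether every crypto ACL pair has a NAT exemption and whether the remote peer has the mirror-image entry. The configurations are constructed samples in pre-8.3 ASA syntax using the thread's networks A, B and C; the ACL names VPN_CRYPTO and NONAT are hypothetical, and only plain network/mask entries are parsed.

```python
import ipaddress
import re

# Constructed sample configs (pre-8.3 ASA syntax); ACL names are hypothetical.
BRANCH1 = """
access-list VPN_CRYPTO extended permit ip 172.16.4.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list VPN_CRYPTO extended permit ip 172.16.2.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list NONAT extended permit ip 172.16.4.0 255.255.255.0 10.10.10.0 255.255.255.0
nat (inside) 0 access-list NONAT
"""
BRANCH2 = """
access-list VPN_CRYPTO extended permit ip 10.10.10.0 255.255.255.0 172.16.4.0 255.255.255.0
"""

# Matches only "permit ip <net> <mask> <net> <mask>" entries (no host/any/object-group).
ACL_RE = re.compile(
    r"^access-list (\S+) extended permit ip "
    r"(\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) "
    r"(\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)\s*$", re.M)

def acl_pairs(config, name):
    """Return the (source, destination) networks permitted by ACL `name`."""
    pairs = set()
    for acl, s, sm, d, dm in ACL_RE.findall(config):
        if acl == name:
            pairs.add((ipaddress.ip_network(f"{s}/{sm}"),
                       ipaddress.ip_network(f"{d}/{dm}")))
    return pairs

def missing_nat_exemption(config, crypto="VPN_CRYPTO", nonat="NONAT"):
    """Crypto ACL pairs that no NAT-exemption entry covers."""
    exempt = acl_pairs(config, nonat)
    return sorted(
        (s, d) for s, d in acl_pairs(config, crypto)
        if not any(s.subnet_of(es) and d.subnet_of(ed) for es, ed in exempt))

def missing_mirror(local, remote, crypto="VPN_CRYPTO"):
    """Local crypto pairs with no reversed (dst, src) entry on the remote peer."""
    mirrored = {(d, s) for s, d in acl_pairs(remote, crypto)}
    return sorted(acl_pairs(local, crypto) - mirrored)

if __name__ == "__main__":
    for s, d in missing_nat_exemption(BRANCH1):
        print(f"no NAT exemption: {s} -> {d}")
    for s, d in missing_mirror(BRANCH1, BRANCH2):
        print(f"no mirror entry on remote: {s} -> {d}")
```

On the constructed sample, both checks flag network B (172.16.2.0/24) toward 10.10.10.0/24, matching the symptom in the thread where traffic from B is permitted locally but never arrives at the remote firewall.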