VPN strange behaviour

I have set up an ASA 5505 with multiple subnets (plus licence)

and a VPN tunnel (IPsec) between this and another ASA at a second branch office (multiple VLANs)

now I needed to route only two VLANs from the first site to reach some of the second branch networks

let's call them

1 branch

A-172.16.4.0/24

B-172.16.2.0/24

2 branch

C- 10.10.10.0/24

D- 10.20.10.0/24

E- 10.66.10.0/24

the tunnel is OK from A to CDE

but from B to CDE won't come up

pinging is unsuccessful as well as all other traffic

the connection profile is setup to have both A and B as local networks

and A and B at the moment share the same access rules configuration,

logs show firewall 1 lets traffic pass and builds connections, without denies, but the remote firewall does not receive a single packet from the source IP from network B

any idea?

1 Accepted Solution

Jennifer Halim
Cisco Employee

Does the remote branch have the same mirror image access-list for network B as well?

What about NAT exemption on branch 1, have you included network B?

yesterday I found the issue, only network A was in the NAT rules while B was not...

so I assume you are right

however thank you very much !!
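The two checks from the accepted answer (NAT exemption for every protected network, and a mirror-image access-list on the remote side), as an added example that is not part of the original thread. It assumes the pre-8.3 ASA style where NAT exemption is expressed as an access list, handles only plain network/mask entries, and uses constructed sample configs with hypothetical ACL names `VPN_CRYPTO` and `NONAT`.

```python
import ipaddress
import re

# Constructed sample configs (not from the thread). ACL names are hypothetical.
SITE1 = """\
access-list VPN_CRYPTO extended permit ip 172.16.4.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list VPN_CRYPTO extended permit ip 172.16.2.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list NONAT extended permit ip 172.16.4.0 255.255.255.0 10.10.10.0 255.255.255.0
"""
SITE2 = """\
access-list VPN_CRYPTO extended permit ip 10.10.10.0 255.255.255.0 172.16.4.0 255.255.255.0
access-list VPN_CRYPTO extended permit ip 10.10.10.0 255.255.255.0 172.16.2.0 255.255.255.0
"""

ACL_RE = re.compile(
    r"^access-list (\S+) extended permit ip (\S+) (\S+) (\S+) (\S+)\s*$")

def acl_pairs(config, name):
    """Return (source, destination) networks permitted by the named ACL."""
    pairs = []
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if m and m.group(1) == name:
            src = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}")
            dst = ipaddress.ip_network(f"{m.group(4)}/{m.group(5)}")
            pairs.append((src, dst))
    return pairs

def uncovered(wanted, available):
    """Pairs in `wanted` that no entry in `available` fully contains."""
    return [(s, d) for s, d in wanted
            if not any(s.subnet_of(a) and d.subnet_of(b) for a, b in available)]

def audit(local_cfg, remote_cfg, crypto="VPN_CRYPTO", nonat="NONAT"):
    local_crypto = acl_pairs(local_cfg, crypto)
    # Check 1: every protected flow must also be exempt from NAT locally.
    missing_nat = uncovered(local_crypto, acl_pairs(local_cfg, nonat))
    # Check 2: the remote crypto ACL must mirror ours (source/destination swapped).
    mirrored = [(d, s) for s, d in acl_pairs(remote_cfg, crypto)]
    missing_mirror = uncovered(local_crypto, mirrored)
    return missing_nat, missing_mirror

if __name__ == "__main__":
    nat_gaps, mirror_gaps = audit(SITE1, SITE2)
    for s, d in nat_gaps:
        print(f"no NAT exemption for {s} -> {d}")
    for s, d in mirror_gaps:
        print(f"remote crypto ACL has no mirror entry for {s} -> {d}")
```

With the sample configs, network B (172.16.2.0/24) is reported as missing from the NAT exemption, which matches the cause found in the thread.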
