Solved: Re: ASA/3750X VPN Issue

rjkaragrm · ‎02-21-2022

We have set up a VPN tunnel with SAP that has required a NAT translation. The tunnel is up and connected. We are able to ping the SAP side from the firewall directly. However the problem comes when we try to access the site from anything before the firewall. This tunnel is currently set up like this,

172.18.0.0 (SAP) -> Route Based VPN/NAT -> 192.168.1.1 (FW, ASA) -> 192.168.1.2 (Switch, 3750x) -> Users

Somewhere between the switch and the firewall, the packets are getting dropped and we cannot figure out why.

rjkaragrm · ‎02-22-2022

Thanks for the responses, it was actually a nat rule that we were missing in the end.

View solution in original post

MHM Cisco World · ‎02-21-2022

Are both side route traffic of lan through vti tunnel ?

rjkaragrm · ‎02-21-2022

Yep, we're using a VTI tunnel.

MHM Cisco World · ‎02-21-2022

See I lan is reachable through vti.

also don’t forget if the sw behind the fw have L3 capability the sw must have route to other site lan through fw, which then the fw forward traffic via vti tunnel.

rjkaragrm · ‎02-21-2022

Thanks, I will check that out tomorrow to see

rjkaragrm · ‎02-22-2022

Thanks for the responses, it was actually a nat rule that we were missing in the end.