02-21-2022 01:28 PM
We have set up a VPN tunnel with SAP that has required a NAT translation. The tunnel is up and connected. We are able to ping the SAP side from the firewall directly. However, the problem comes when we try to access the site from anything before the firewall. This tunnel is currently set up like this:
172.18.0.0 (SAP) -> Route Based VPN/NAT -> 192.168.1.1 (FW, ASA) -> 192.168.1.2 (Switch, 3750x) -> Users
Somewhere between the switch and the firewall, the packets are getting dropped and we cannot figure out why.
02-21-2022 01:34 PM
Do both sides route LAN traffic through the VTI tunnel?
02-21-2022 01:34 PM
Yep, we're using a VTI tunnel.
02-21-2022 01:42 PM
See if the LAN is reachable through the VTI.
Also, don't forget that if the sw behind the fw has L3 capability, the sw must have a route to the other site's LAN through the fw, which then forwards the traffic via the VTI tunnel.
02-21-2022 01:47 PM
Thanks, I will check that out tomorrow to see.
02-22-2022 11:39 AM
Thanks for the responses, it was actually a NAT rule that we were missing in the end.