I'm working with a client who has an ASA that has site-to-site IPSec VPN connections to both an Azure environment as well as a Rackspace environment. They can access either environment from the office, but servers in Azure are unable to ping to servers at Rackspace and vice versa. I've tried everything that I know of as well as everything I've found while searching but I still cannot get this to work. Any help is greatly appreciated.
I've been away a little bit, so I may not be so accurate.
Check that the crypto map on each remote location includes, in its crypto ACL, the subnet for the corresponding locations. I.e., the crypto ACL in Rackspace should include an ACL for the subnet in Azure and vice versa. Then check the corresponding nat-exception strings on both sides.
Also, possibly you should enter the same-security-traffic permit intra-interface command on the central side.
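The hub-side changes the reply above describes, as an added example that is not part of the original thread. The subnets (office 10.0.0.0/24, Azure 10.1.0.0/16, Rackspace 10.2.0.0/16), the object and ACL names, and the assumption that both tunnels terminate on the interface named outside are all constructed for illustration; the syntax is for ASA 8.3 or later.

```cisco
! Central-office ASA (hub). All addresses and names below are constructed
! placeholders, not values from the thread.

object network OBJ-AZURE
 subnet 10.1.0.0 255.255.0.0
object network OBJ-RACKSPACE
 subnet 10.2.0.0 255.255.0.0

! Let traffic enter and leave the same interface (hairpin between tunnels).
same-security-traffic permit intra-interface

! Crypto ACL referenced by the crypto map entry for the Azure peer:
! Rackspace must appear as a local source next to the office LAN.
access-list CRYPTO-AZURE extended permit ip 10.0.0.0 255.255.255.0 10.1.0.0 255.255.0.0
access-list CRYPTO-AZURE extended permit ip 10.2.0.0 255.255.0.0 10.1.0.0 255.255.0.0

! Crypto ACL referenced by the crypto map entry for the Rackspace peer:
! Azure must appear as a local source next to the office LAN.
access-list CRYPTO-RACKSPACE extended permit ip 10.0.0.0 255.255.255.0 10.2.0.0 255.255.0.0
access-list CRYPTO-RACKSPACE extended permit ip 10.1.0.0 255.255.0.0 10.2.0.0 255.255.0.0

! Identity NAT (exemption) for the hairpinned flow, so no other NAT rule
! on the outside interface translates it. One rule covers both directions.
nat (outside,outside) source static OBJ-AZURE OBJ-AZURE destination static OBJ-RACKSPACE OBJ-RACKSPACE no-proxy-arp

! The remote ends must mirror these selectors:
!  - Rackspace ASA: crypto ACL permitting 10.2.0.0/16 -> 10.1.0.0/16 and a
!    matching NAT exemption for that pair.
!  - Azure: the Rackspace prefix listed among the on-premises prefixes
!    reachable through the tunnel to this ASA.

! Check on the hub after sending a ping from one side:
!   show crypto ipsec sa
! There should be an SA for the 10.1.0.0/16 <-> 10.2.0.0/16 pair on each
! peer, with both the encaps and decaps counters increasing.
```

If the counters on one tunnel show decaps increasing while encaps on the other tunnel stay at zero, the traffic is reaching the hub but is not matching the second crypto ACL or is being translated before it does.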
Unfortunately I do not have much control over the Azure end of things. Microsoft spits out a config to connect to their endpoint in Azure and that's all you get. There is an actual ASA residing at Rackspace that can be configured how I want. I think it is just a NAT issue at the central office, as I can resolve IP addresses from end to end, I just cannot get a ping to go across and come back.
I do have the same-security-traffic permit intra-interface command set on the ASA at the central location.