
Cisco ASA LAN to LAN with NAT, VPN OK, traffic KO

remi.pochat
Level 1

Hello All,

I have been trying for several days now to find where the problem can be, but it's becoming very frustrating to stay blocked...

Here is the picture of what I have to configure:

[Image: VPN-Implementation - Copie.png]

The client says he sends packets, and I can see them arriving, but the client is unable to connect to the WebServer or to ping it.

Do you have a solution to this problem? Configuration is attached.

2 Replies

Jitendriya Athavale
Cisco Employee

When you do a ping test, please capture packets on the inside of the ASA and see if you see them leaving the inside of the firewall.

Secondly, how is the tunnel configured: is your crypto ACL the NATed IP, or is it private to private?

Thirdly, is the other traffic through the VPN working fine?

praprama
Cisco Employee

Hi,

How are the clients trying to access the server? Are they using the IP address 192.168.0.2 or the NATed IP 10.12.231.1?

I noticed a static policy NAT with the destination IP as "any" as below:

access-list inside_nat_static_1 extended permit ip host InovaSuite-Server any

static (inside,outside) 10.12.231.1  access-list inside_nat_static_1

We can as well change it to just "static (inside,outside) 10.12.231.1 InovaSuite-Server".

Also, any reason why you have the below static command?

static (outside,outside) InovaSuite-Server  access-list outside_nat_static_1

I could not make much sense out of it.

Thanks and Regards,

Prapanch
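
The inside-interface capture suggested in the first reply, written out as an added example (not part of any post in this thread) together with the tunnel counter check that goes with it. It assumes 192.168.0.2 is the real address of InovaSuite-Server; `<remote-client-ip>` and the capture name `capin` are placeholders.

```cisco
! Added example for pre-8.3 ASA syntax (the "static" style used in this thread).
! Assumption: 192.168.0.2 is the real address of InovaSuite-Server.
! <remote-client-ip> is a placeholder for the client behind the remote peer.

! 1. Capture on the inside interface. "match" is bidirectional, so both
!    the echo requests and any replies from the server are recorded.
capture capin interface inside match ip host <remote-client-ip> host 192.168.0.2

! 2. Start the ping from the remote client, then read the capture.
show capture capin
!    Requests and replies : the server answers; the problem is on the way
!                           back out (NAT or crypto ACL match).
!    Requests only        : the server does not reply, or its replies are
!                           routed somewhere other than the ASA.
!    Nothing              : the packets are dropped or not un-translated
!                           to 192.168.0.2 before reaching the inside.

! 3. Compare the tunnel counters while the ping is running.
show crypto ipsec sa
!    "#pkts decaps" rising while "#pkts encaps" stays flat means the
!    replies never match the crypto ACL. The ASA translates before it
!    encrypts, so if the server is translated to 10.12.231.1 the crypto
!    ACL has to reference 10.12.231.1, not the private address.

! 4. Remove the capture when finished.
no capture capin
```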