I have been facing issues in setting up a VPN tunnel between a device behind network 20.X.X.X and our ASA on out1 interface 208.X.X.11. the VPN traffic hits the outside3 interface on the ASA however when I run a packet capture i don't see the udp packets (Isakmp) being forwarded to the Out1 interface.
when we run the packet tracer we get an error "no route to Host"
ASA2# packet-tracer input outside3 udp 20.X.X.1 isakmp 208.X.X.11 isakmp detailed
Drop-reason: (no-route) No route to host
we already have the below route added and the interface route is being reflected under the routing table
route added: route Outside3 20.X.X.1 255.255.255.255 192.168.20.1
can anyone help me how can I have the ISAKMP traffic pass through out3 inter and enable the tunnel to be established using Out1 interface?
Does the router has route to outside 1 network? (I guess it's a default route being a stub network)
You can do one to one nat for both outside networks when the destination si 20.x.x.x
Hi, thanks for helping.
the outside1 is a directly connected interface on the ASA. & the default route is set to use outside interface(directly connected as well).
while I have other VPN tunnels terminating on the Out1 interface with the destination as same interface(out1), it is just this particular VPN connection setup which is not being established where the source is behind Out4 interface which is trying to have a VPN session with the Out1 Interface IP. and this is where i see that the ISAKMP traffic from remote peer is seen to hit Out4 interface but there is no packet trace of udp traffic passing through Out 4 interface and ingress into Out1 Interface.
PS: The security level on both Out4 & out1 interface is set to 0.