Okay, so I have minimal ASA experience, so please dumb things down for me a little bit. I have a currently working site-to-site VPN between two Cisco ASA 5505s, which I control. Data is passing from LAN to LAN across the VPN perfectly. I currently have a working SIP phone system in place at site 1. I am trying to add site 2 to the same phone system. ALL SIP traffic must enter and exit from site 1. So when I place an outbound call from site 2, it must traverse the VPN to site 1 and then exit site 1 to the SIP carrier. Obviously, when it returns, it must return to site 1, and site 1 needs to send that traffic back across the VPN to site 2. How do I get the particular public SIP IP address to go across the VPN instead of just out to the regular internet?
I have been using the ASDM packet tracer to test this and it passes all the way through Type - NAT >>> Action - ALLOW and fails at Type - VPN >>> Subtype - encrypt >>> Action - Drop.
RESULT - The packet is dropped
Input Interface: inside - Link Up - Link Up
Output Interface: outside-(comcast) - Link Up - Link Up
Info: (acl-drop) Flow is denied by configured rule
I am receiving several errors from the ASA, such as:
ASA-3-713902: Group = XXX.XXX.XXX.XXX, IP = XXX.XXX.XXX.XXX, QM FSM error (P2 struct &0xcb0d8530, mess id 0x537a455b)!
ASA-3-713902: Group = XXX.XXX.XXX.XXX, IP = XXX.XXX.XXX.XXX,Removing peer from correlator table failed, no match!
<163>%ASA-3-713061: Group = XXX.XXX.XXX.XXX, IP = XXX.XXX.XXX.XXX, Rejecting IPSec tunnel: no matching crypto map entry for remote proxy 0.0.0.0/0.0.0.0/6/0 local proxy XXX.XXX.XXX.XXX/255.255.255.255/6/0 on interface outside-(comcast)
Please help!!!!