Hi there. Sorry, this is yet another "I can't talk to the inside interface" post, but I'm stuck. My issue is with talking to traffic behind the inside interface once VPN'd into a test ASAv running 9.6(2)1. I've tried some of the suggestions in other threads like:
- https://www.fir3net.com/Firewalls/Cisco/cisco-asa-83-no-nat-nat-exemption.html (tried using the post-8.3 commands but nothing)
- https://supportforums.cisco.com/discussion/13229451/cisco-asa-remote-ipsec-vpn (pre-8.3 so doesn't apply)
- https://supportforums.cisco.com/discussion/13229666/i-cannot-ping-anyconnect-client-i-can-ping-inside-network (can't get it to work)
- etc.
but I still can't get it working and I'm getting frustrated. I can talk to the internal networks from the ASA itself, e.g. asa# ping inside 10.1.1.1, no problem. I can only ping the management and outside interface static IPs (10.100.192.60, 10.100.194.60) from the VPN. When I do a packet trace from a VPN client perspective I get:
packet-tracer input outside icmp 192.168.50.1 0 8 10.100.32.54 xml
-> result: type vpn, subtype ipsec-tunnel-flow, action drop; info (acl_drop_ flow is denied by configured rule
Does anyone have a step-by-step explanation of how to configure this properly? I'm still getting familiar with how natting/ACLs/crypto maps are applied in ASA land. I've rolled back all my experimental changes, so the NATs and ACLs are blank.
Thanks,
Config attached.