12-06-2013 09:42 AM
Two 8.2 ASA's are set up with a site-to-site VPN tunnel between them, as can be seen in the diagram:
Here is my configuration for both.
Clients on the inside network of either ASA cannot ping clients on the inside network of the other ASA. Why not?
When pinging from the inside network of SALMONARM to the inside network of KAMLOOPS, the following debug logs can be seen on SALMONARM:
%ASA-7-609001: Built local-host outside:10.30.7.2
%ASA-6-302020: Built outbound ICMP connection for faddr 10.30.7.2/0 gaddr 192.168.0.216/55186 laddr 10.45.7.1/512
%ASA-6-302021: Teardown ICMP connection for faddr 10.30.7.2/0 gaddr 192.168.0.216/55186 laddr 10.45.7.1/512
%ASA-7-609002: Teardown local-host outside:10.30.7.2 duration 0:00:02
%ASA-7-609001: Built local-host outside:10.30.7.2
%ASA-6-302020: Built outbound ICMP connection for faddr 10.30.7.2/0 gaddr 192.168.0.216/55186 laddr 10.45.7.1/512
%ASA-6-302021: Teardown ICMP connection for faddr 10.30.7.2/0 gaddr 192.168.0.216/55186 laddr 10.45.7.1/512
%ASA-7-609002: Teardown local-host outside:10.30.7.2 duration 0:00:02
%ASA-7-609001: Built local-host outside:10.30.7.2
%ASA-6-302020: Built outbound ICMP connection for faddr 10.30.7.2/0 gaddr 192.168.0.216/55186 laddr 10.45.7.1/512
...
Each ping attempt responds with "Request timed out" on the pinging computer.
Why can't clients ping each other over the VPN tunnel?
Solved! Go to Solution.
12-06-2013 10:12 AM
Hi,
Create a NAT0 ACL on both ends.
ex: access-list NONAT extended permit ip 10.30.0.0 255.255.0.0 10.45.0.0 255.255.0.0
nat (inside) 0 access-list NONAT
Thx
MS
Edit: Initially , I mentioned ACL #, it may not work.
12-06-2013 10:12 AM
Hi,
Create a NAT0 ACL on both ends.
ex: access-list NONAT extended permit ip 10.30.0.0 255.255.0.0 10.45.0.0 255.255.0.0
nat (inside) 0 access-list NONAT
Thx
MS
Edit: Initially , I mentioned ACL #, it may not work.
12-06-2013 10:48 AM
That did it. Thanks!!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide