05-30-2016 09:07 AM - edited 02-21-2020 08:50 PM
Hello,
Here is my situation :
I'm trying to connect a client VPN IPSec through an ASA 5505 to an other ASA 5505. Actually I can make connection to the VPN but all access are blocked (ping or IP access).
When I use an ISP router directly or at home, I have no problem (ping and IP access follow the firewall rules). Connection and access are allowed.
Schema :
I attached the both configuration to this post
I updated ASA from 8.2.5 to 8.4.6 and finally 9.2.4 recently. Another ASA 5505 v8.2.5 works well in a both way (VPN connection through ASA and connection VPN through ASA1 to this ASA).
I tried many solution to resolve the problem (static nat/ipsec inspection) but I failed to solve it. I tried to see asp drop captured in ASA1 but I had only "nat-xlate-failed" drop reason.
Thank you for your help because I will become crazy...
Olivier,
Ps : sorry for my english...
Solved! Go to Solution.
05-30-2016 10:07 AM
Hi Olivier,
Could you allow icmp inspection on both the ASA's ?
Use this command and check :
fixup protocol icmp
Regards,
Aditya
Please rate helpful posts and mark correct answers.
05-30-2016 10:07 AM
Hi Olivier,
Could you allow icmp inspection on both the ASA's ?
Use this command and check :
fixup protocol icmp
Regards,
Aditya
Please rate helpful posts and mark correct answers.
05-30-2016 10:37 AM
Hi Aditya,
You are the best, I'm on it since 2 weeks and you solve it !!! I will perform more test to be sure...
It is too bad this information is not easy to find, I've searched deeply...
Thanks a lot,
Olivier.
05-30-2016 11:10 AM
Hi Olivier,
Glad to assist. :)
Regards,
Aditya
Please rate helpful posts and mark correct answers.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: