Here is my situation :
I'm trying to connect a client VPN IPSec through an ASA 5505 to an other ASA 5505. Actually I can make connection to the VPN but all access are blocked (ping or IP access).
When I use an ISP router directly or at home, I have no problem (ping and IP access follow the firewall rules). Connection and access are allowed.
I attached the both configuration to this post
I updated ASA from 8.2.5 to 8.4.6 and finally 9.2.4 recently. Another ASA 5505 v8.2.5 works well in a both way (VPN connection through ASA and connection VPN through ASA1 to this ASA).
I tried many solution to resolve the problem (static nat/ipsec inspection) but I failed to solve it. I tried to see asp drop captured in ASA1 but I had only "nat-xlate-failed" drop reason.
Thank you for your help because I will become crazy...
Ps : sorry for my english...
Go to Solution.
Could you allow icmp inspection on both the ASA's ?
Use this command and check :
fixup protocol icmp
Please rate helpful posts and mark correct answers.
View solution in original post
You are the best, I'm on it since 2 weeks and you solve it !!! I will perform more test to be sure...
It is too bad this information is not easy to find, I've searched deeply...
Thanks a lot,
Glad to assist. :)
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: