05-08-2018 04:29 PM - edited 03-12-2019 05:16 AM
I have two ASAs (see the picture).
The ASA in Europe sits behind NAT.
There are two tunnels. The one that comes up first works. The other one has 0 decrypted packets.
Packets are being encrypted for both tunnels on USA side.
Is there any solution?
05-09-2018 08:14 AM
Hello @filip00011,
Can you share the configuration for both devices in order to check them further?
Gio
05-09-2018 08:50 AM
I think the problem is that ASA-Europe is behind NAT. So, the ASA does not see the original source IP. For ASA-Europe, it all looks like it comes from 10.0.0.137.
Since all ESP packets are coming from 10.0.0.137 port 4500, the ASA does not know which tunnel group it belongs to.
Maybe the solution would be to use IPsec over TCP. I have to find out how to configure it.