VPN strange behaviour

I have set up an ASA 5505 with multiple subnets (Plus licence)

and a VPN tunnel (IPsec) between this and another ASA at a second branch office (multiple VLANs)

now I needed to route only two VLANs from the first site to reach some of the second branch networks

let's call them

1 branch

A - 172.16.4.0/24

B - 172.16.2.0/24

2 branch

C - 10.10.10.0/24

D - 10.20.10.0/24

E - 10.66.10.0/24

the tunnel is OK from A to CDE

but from B to CDE it won't come up

pinging is unsuccessful, as is all other traffic

the connection profile is set up to have both A and B as local networks

and A and B at the moment share the same access rules configuration,

logs show firewall 1 lets traffic pass and builds connections, without denies, but the remote firewall does not receive a single packet from the source IP from network B

any idea?

Accepted Solutions

Jennifer Halim
Cisco Employee

Does the remote branch have the same mirror image access-list for network B as well?

What about NAT exemption on branch 1, have you included network B?

Yesterday I found the issue: only network A was in the NAT rules while B was not...

so I assume you are right

However, thank you very much!!
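
The two checks raised in the accepted answer (a NAT exemption for every local network, and a mirror-image access-list on the peer) can be automated; the following is an added example, not part of the original thread or Cisco's tooling. It assumes the crypto and NAT-exemption rules are available as plain `access-list ... extended permit ip <net> <mask> <net> <mask>` lines (the form used with `nat 0 access-list`); the ACL names and sample entries are constructed.

```python
import ipaddress
import re

# Matches plain network/mask entries only (assumption: no object-groups or "host"/"any").
ACE = re.compile(r"access-list \S+ extended permit ip (\S+) (\S+) (\S+) (\S+)")

def pairs(acl_text):
    """Parse ACL entries into a set of (source_network, destination_network)."""
    return {(ipaddress.ip_network(f"{s}/{sm}"), ipaddress.ip_network(f"{d}/{dm}"))
            for s, sm, d, dm in ACE.findall(acl_text)}

def covered(src, dst, entries):
    """True if one entry's source contains src and its destination contains dst."""
    return any(src.subnet_of(s) and dst.subnet_of(d) for s, d in entries)

def audit(local_crypto, local_nat_exempt, remote_crypto):
    """Return (pairs with no NAT exemption, pairs with no mirrored remote entry)."""
    exempt, remote = pairs(local_nat_exempt), pairs(remote_crypto)
    wanted = sorted(pairs(local_crypto))
    no_exempt = [(s, d) for s, d in wanted if not covered(s, d, exempt)]
    no_mirror = [(s, d) for s, d in wanted if not covered(d, s, remote)]
    return no_exempt, no_mirror

def ace_lines(name, sources, destinations):
    """Build constructed sample ACL text for /24 networks."""
    return "\n".join(
        f"access-list {name} extended permit ip {s} 255.255.255.0 {d} 255.255.255.0"
        for s in sources for d in destinations)

# Constructed sample data using the networks named in the thread; ACL names are made up.
A, B = "172.16.4.0", "172.16.2.0"
CDE = ["10.10.10.0", "10.20.10.0", "10.66.10.0"]
SITE1_CRYPTO = ace_lines("S1_CRYPTO", [A, B], CDE)
SITE1_NONAT = ace_lines("S1_NONAT", [A], CDE)       # network B left out
SITE2_CRYPTO = ace_lines("S2_CRYPTO", CDE, [A, B])  # correct mirror image

if __name__ == "__main__":
    no_exempt, no_mirror = audit(SITE1_CRYPTO, SITE1_NONAT, SITE2_CRYPTO)
    for s, d in no_exempt:
        print(f"no NAT exemption: {s} -> {d}")
    for s, d in no_mirror:
        print(f"no mirrored entry on peer: {d} -> {s}")
```

A pair counts as covered when a broader entry contains it, so a single summary exemption for a supernet is not reported as a gap.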