[c-nsp] Cisco ASA vpn hairpin

Pavel Dimow paveldimow at gmail.com
Tue Sep 6 06:03:59 EDT 2016


Hi all,

sorry for the late answer and not posting the sanitized config. The issue
was a crypto map on one ASA.
Thank you all for your replies.

On Tue, Sep 6, 2016 at 6:53 AM, Murat Kaipov <mkkaipov at gmail.com> wrote:

> Hello, it looks like NAT rules issue.
>
>
> > 6 сент. 2016 г., в 1:55, Pavel Dimow <paveldimow at gmail.com> написал(а):
> >
> > Hi guys,
> >
> > I have a big problem in my setup and I don't know how to solve it plus
> it's
> > urgent :(
> >
> > I have ASA1 and ASA2 and L2L IPSec tunnel. Everything working fine. Now,
> I
> > have vpn users that use l2tp over ipsec  to dialin in ASA1. They tunnel
> all
> > traffic to ASA1. Everything is working fine, thay can access all hosts on
> > ASA1 and they can browse the internet. The only thing that is not working
> > is that they can't access the hosts located on ASA2. I checked crypto
> ACL,
> > ACL and NAT rules everything looks fine. I have same-security-traffic
> > permit inter-interface on ASA1. Anyone here who can help me please?
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
>


More information about the cisco-nsp mailing list