Problem accessing an adjacent remote network over VPN (2 asa5505)

edubrovs1
Level 1

Hello all,

I have 2 ASA5505 (CORP and remote) connected via VPN. The remote site contains 2 subnets (192.168.1.0/24 and 192.168.0.0/24 (for remote VPN users)). The corp site has 192.168.2.0/24 directly connected to the ASA5505 and an adjacent network connected via another device, namely the 172.16.0.0/16 network.

I am able to ping site-to-site between 192.168.0 -> 192.168.2 and 192.168.1 -> 192.168.2.

I am unable to ping from remote site to the 172.16 network however.

I added permit entries to both my NAT and crypto ACLs, and when I try to ping the remote 172.16 network I get the following message on my CORP ASA:

4 Aug 12 2007 02:59:52 400010 192.168.2.1 192.168.0.10 IDS:2000 ICMP echo reply from 192.168.2.1 to 192.168.0.10 on interface inside

The reply is timing out though.

Any tips would be appreciated!

My ACLS:

REMOTE SITE:

#NONAT
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 172.16.0.0 255.255.0.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.0.0 255.255.0.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 172.16.0.0 255.255.0.0
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 192.168.1.0 255.255.255.0

#CRYPTO ACL
access-list 100 extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list 100 extended permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list 100 extended permit ip 192.168.1.0 255.255.255.0 172.16.0.0 255.255.0.0
access-list 100 extended permit ip 192.168.0.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list 100 extended permit ip 192.168.0.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list 100 extended permit ip 192.168.0.0 255.255.255.0 172.16.0.0 255.255.0.0
access-list 100 extended permit ip 192.168.1.0 255.255.255.0 192.168.0.0 255.255.255.0
access-list 100 extended permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0

CORP SITE:

#CORP
access-list 200 extended permit ip 192.168.2.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list 200 extended permit ip 172.16.0.0 255.255.0.0 192.168.3.0 255.255.255.0
access-list 200 extended permit ip 172.17.0.0 255.255.0.0 192.168.3.0 255.255.255.0
access-list 200 extended permit ip 192.168.2.0 255.255.255.0 192.168.0.0 255.255.255.0
access-list 200 extended permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list 200 extended permit ip 172.16.0.0 255.255.0.0 192.168.0.0 255.255.255.0
access-list 200 extended permit ip 172.16.0.0 255.255.0.0 192.168.1.0 255.255.255.0
nat (inside) 0 access-list 200
nat (inside) 1 0.0.0.0 0.0.0.0

#CRYPTO ACL
access-list 105 extended permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list 105 extended permit ip 192.168.2.0 255.255.255.0 192.168.0.0 255.255.255.0
access-list 105 extended permit ip 192.168.3.0 255.255.255.0 192.168.0.0 255.255.255.0
access-list 105 extended permit ip 172.16.0.0 255.255.0.0 192.168.1.0 255.255.255.0
access-list 105 extended permit ip 172.16.0.0 255.255.0.0 192.168.0.0 255.255.255.0
access-list 105 extended permit ip 192.168.3.0 255.255.255.0 192.168.1.0 255.255.255.0

Thanks in advance!

2 Replies

acomiskey
Level 10

The config looks ok.

If you were trying to ping 172.16.x.x, I don't see why the log would be what you displayed. Where are you pinging from, the remote site?

"4 Aug 12 2007 02:59:52 400010 192.168.2.1 192.168.0.10 IDS:2000 ICMP echo reply from 192.168.2.1 to 192.168.0.10 on interface inside"

Does the 172.16 network have a route to the 192.168.0.0 and 192.168.1.0 network?

My apologies, I forgot to post that I resolved the problem. The issue was that I was connecting to the remote site via VPN. Looking at the secure routes in the SSL client, I realized that I had no route to the 172 network. I added the networks I was missing to the SplitTunnel ACL and, poof, it all started working.

Regards,

Ed
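The fix above (a destination missing from the split-tunnel ACL) is only one of several policies that must all include a flow such as 192.168.0.10 -> 172.16.x.x before the ping can work. As an added example, not from the post or from Cisco, this Python checker traces such a flow through the remote NAT-exemption and crypto ACLs posted above, the mirrored CORP entries, and a constructed split-tunnel list (the post does not show its own), and reports which policy leaves the destination out; the sample address 172.16.0.1 is an assumption.

```python
import ipaddress
# Subset of the ACLs posted above, reproduced verbatim (remote site, then CORP site).
REMOTE_CONFIG = """
access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 172.16.0.0 255.255.0.0
access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list 100 extended permit ip 192.168.0.0 255.255.255.0 172.16.0.0 255.255.0.0
access-list 100 extended permit ip 192.168.0.0 255.255.255.0 192.168.2.0 255.255.255.0
"""
CORP_CONFIG = """
access-list 200 extended permit ip 172.16.0.0 255.255.0.0 192.168.0.0 255.255.255.0
access-list 200 extended permit ip 192.168.2.0 255.255.255.0 192.168.0.0 255.255.255.0
access-list 105 extended permit ip 172.16.0.0 255.255.0.0 192.168.0.0 255.255.255.0
access-list 105 extended permit ip 192.168.2.0 255.255.255.0 192.168.0.0 255.255.255.0
"""
# Constructed split-tunnel lists (assumption; the post does not show its own): before the fix only the LAN subnets were secured routes, the fix adds 172.16.0.0/16.
SPLIT_BEFORE = [ipaddress.ip_network(n) for n in ("192.168.1.0/24", "192.168.2.0/24")]
SPLIT_AFTER = SPLIT_BEFORE + [ipaddress.ip_network("172.16.0.0/16")]

def parse_acl(text):
    """Parse 'access-list NAME extended permit ip SRC SMASK DST DMASK' lines into {name: [(src_net, dst_net)]}."""
    acls = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) != 9 or f[0] != "access-list" or f[2:5] != ["extended", "permit", "ip"]:
            continue
        src = ipaddress.ip_network(f"{f[5]}/{f[6]}")  # ipaddress accepts dotted-decimal masks
        dst = ipaddress.ip_network(f"{f[7]}/{f[8]}")
        acls.setdefault(f[1], []).append((src, dst))
    return acls

def permits(acl, src_ip, dst_ip):
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    return any(s in src and d in dst for src, dst in acl)

def check_flow(src_ip, dst_ip, remote, corp, split_tunnel):
    """Return the policies that fail to cover one VPN-client -> CORP flow (empty list = should work)."""
    findings = []
    # The SSL client only routes destinations in the split-tunnel list into the tunnel;
    # anything else goes to its local gateway, so neither ASA ever sees the packet.
    if not any(ipaddress.ip_address(dst_ip) in net for net in split_tunnel):
        findings.append("split-tunnel ACL lacks destination")
    checks = [  # the CORP side must carry the mirrored (dst -> src) entry
        ("remote nat0 (inside_nat0_outbound)", remote.get("inside_nat0_outbound", []), src_ip, dst_ip),
        ("remote crypto ACL 100", remote.get("100", []), src_ip, dst_ip),
        ("corp crypto ACL 105 (mirror)", corp.get("105", []), dst_ip, src_ip),
        ("corp nat0 (200) for return traffic", corp.get("200", []), dst_ip, src_ip),
    ]
    findings += [name for name, acl, s, d in checks if not permits(acl, s, d)]
    return findings

REMOTE, CORP = parse_acl(REMOTE_CONFIG), parse_acl(CORP_CONFIG)
```

Running `check_flow("192.168.0.10", "172.16.0.1", REMOTE, CORP, SPLIT_BEFORE)` reports only the split-tunnel gap, which matches the resolution in the thread; with `SPLIT_AFTER` it returns an empty list.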
