
Problem accessing an adjacent remote network over VPN (2 asa5505)

edubrovs1
Level 1

Hello all,

I have 2 ASA5505 (CORP and remote) connected via VPN. The remote site contains 2 subnets (192.168.1.0/24 and 192.168.0.0/24 (for remote VPN users)). The corp site has 192.168.2.0/24 directly connected to ASA5505 and an adjacent network connected via another device namely the 172.16.0.0/16 network.

I am able to ping site-to-site between 192.168.0 -> 192.168.2

and

192.168.1 -> 192.168.2

I am unable to ping from remote site to the 172.16 network however.

I added permit entries to both my NAT and crypto ACLs, and when I try to ping the remote 172.16 network I get the following message on my CORP ASA:

4 Aug 12 2007 02:59:52 400010 192.168.2.1 192.168.0.10 IDS:2000 ICMP echo reply from 192.168.2.1 to 192.168.0.10 on interface inside

The reply is timing out, though.

Any tips would be appreciated!

My ACLs:

REMOTE SITE:

#NONAT
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 172.16.0.0 255.255.0.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.0.0 255.255.0.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 172.16.0.0 255.255.0.0
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 192.168.1.0 255.255.255.0

#CRYPTO ACL
access-list 100 extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list 100 extended permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list 100 extended permit ip 192.168.1.0 255.255.255.0 172.16.0.0 255.255.0.0
access-list 100 extended permit ip 192.168.0.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list 100 extended permit ip 192.168.0.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list 100 extended permit ip 192.168.0.0 255.255.255.0 172.16.0.0 255.255.0.0
access-list 100 extended permit ip 192.168.1.0 255.255.255.0 192.168.0.0 255.255.255.0
access-list 100 extended permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0

CORP SITE:

#CORP
access-list 200 extended permit ip 192.168.2.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list 200 extended permit ip 172.16.0.0 255.255.0.0 192.168.3.0 255.255.255.0
access-list 200 extended permit ip 172.17.0.0 255.255.0.0 192.168.3.0 255.255.255.0
access-list 200 extended permit ip 192.168.2.0 255.255.255.0 192.168.0.0 255.255.255.0
access-list 200 extended permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list 200 extended permit ip 172.16.0.0 255.255.0.0 192.168.0.0 255.255.255.0
access-list 200 extended permit ip 172.16.0.0 255.255.0.0 192.168.1.0 255.255.255.0
nat (inside) 0 access-list 200
nat (inside) 1 0.0.0.0 0.0.0.0

#CRYPTO ACL
access-list 105 extended permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list 105 extended permit ip 192.168.2.0 255.255.255.0 192.168.0.0 255.255.255.0
access-list 105 extended permit ip 192.168.3.0 255.255.255.0 192.168.0.0 255.255.255.0
access-list 105 extended permit ip 172.16.0.0 255.255.0.0 192.168.1.0 255.255.255.0
access-list 105 extended permit ip 172.16.0.0 255.255.0.0 192.168.0.0 255.255.255.0
access-list 105 extended permit ip 192.168.3.0 255.255.255.0 192.168.1.0 255.255.255.0

Thanks in advance!

2 Replies

acomiskey
Level 10

The config looks ok.

If you were trying to ping 172.16.x.x, I don't see why the log would be what you displayed. Where are you pinging from, the remote site?

"4 Aug 12 2007 02:59:52 400010 192.168.2.1 192.168.0.10 IDS:2000 ICMP echo reply from 192.168.2.1 to 192.168.0.10 on interface inside"

Does the 172.16 network have a route to the 192.168.0.0 and 192.168.1.0 network?

My apologies, I forgot to post that I resolved the problem. The issue was that I was connecting to the remote site via VPN. Looking at the secure routes in the SSL client, I realized that I had no route to the 172 network. I added the networks I was missing to the SplitTunnel ACL and poof, it all started working.

Regards,

Ed
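The fault Ed found is easy to miss because the site-to-site ACLs were all correct and only the client's split-tunnel list was short. The following Python checker is an added example, not from the thread or from Cisco: it walks a source/destination pair through each ACL a VPN-user packet must satisfy (remote NAT exemption, remote crypto ACL, the mirrored corp NAT exemption and crypto ACL, and the split-tunnel ACL that decides the client's secure routes) and reports which ones have no covering entry. The ACL excerpt is taken from the thread; the "SplitTunnel" standard ACL and its missing 172.16.0.0/16 line are hypothetical.

```python
import ipaddress

# Constructed excerpt of the thread's config (entries for the 192.168.0.0/24 VPN-user
# subnet only), plus a hypothetical split-tunnel ACL that lacks 172.16.0.0/16.
CONFIG = """
access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 172.16.0.0 255.255.0.0
access-list 100 extended permit ip 192.168.0.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list 100 extended permit ip 192.168.0.0 255.255.255.0 172.16.0.0 255.255.0.0
access-list 200 extended permit ip 192.168.2.0 255.255.255.0 192.168.0.0 255.255.255.0
access-list 200 extended permit ip 172.16.0.0 255.255.0.0 192.168.0.0 255.255.255.0
access-list 105 extended permit ip 192.168.2.0 255.255.255.0 192.168.0.0 255.255.255.0
access-list 105 extended permit ip 172.16.0.0 255.255.0.0 192.168.0.0 255.255.255.0
access-list SplitTunnel standard permit 192.168.2.0 255.255.255.0
access-list SplitTunnel standard permit 192.168.1.0 255.255.255.0
"""
# The line Ed had to add (hypothetical ACL name).
FIX = "access-list SplitTunnel standard permit 172.16.0.0 255.255.0.0\n"

# ACLs a VPN-user packet must satisfy on its way to corp. The corp-side ACLs are
# written from corp's perspective, so they are checked with src/dst swapped.
PATH = [("inside_nat0_outbound", False), ("100", False),   # remote nat0, crypto
        ("200", True), ("105", True),                        # corp nat0, crypto
        ("SplitTunnel", False)]                              # client secure routes

def parse_acls(text):
    """Group 'access-list NAME ...' lines by NAME into (src_net, dst_net) pairs.
    A standard entry lists only the protected network, so it matches any source."""
    acls = {}
    for line in text.strip().splitlines():
        f = line.split()
        if "extended" in f:
            i = f.index("ip")
            src, dst = f"{f[i+1]}/{f[i+2]}", f"{f[i+3]}/{f[i+4]}"
        else:
            i = f.index("permit")
            src, dst = "0.0.0.0/0", f"{f[i+1]}/{f[i+2]}"
        acls.setdefault(f[1], []).append(
            (ipaddress.ip_network(src), ipaddress.ip_network(dst)))
    return acls

def missing_acls(src, dst, config=CONFIG):
    """Names of ACLs on PATH with no entry covering src -> dst."""
    acls = parse_acls(config)
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    missing = []
    for name, mirrored in PATH:
        a, b = (d, s) if mirrored else (s, d)
        if not any(a in rs and b in rd for rs, rd in acls.get(name, [])):
            missing.append(name)
    return missing
```

`missing_acls("192.168.0.10", "172.16.1.1")` returns only `["SplitTunnel"]`, matching the symptom in the thread, and returns an empty list once `FIX` is appended to the config.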