We have a site-to-site VPN set up between our HQ (10.1.0.x) and a remote site (10.1.5.x). The HQ device is a PIX 515, and the remote device is an ASA 5505.
The tunnel is up and passing traffic. I can ping from any device on the HQ network to any device on the remote network. All IP traffic seems to be fine, as specified by the cryptomap and nonat access lists. The problem is this: I cannot ping the internal interface of the ASA device directly (10.1.5.1) from the HQ network. I'd like to be able to do this so as to monitor the tunnel's up/down status.
We have another remote device (PIX 501) that does allow its internal interface to be pinged through its VPN tunnel. What is different about the ASA that it does not allow this behavior?
TIA for your help.