I have an ASA5505 that I need to connect to two remote networks. I worked though getting the first tunnel to my HQ working. I need to now add a remote office. My HQ and the remote office both use SonicWALL PRO2040 devices, same firmware and OS.
I used the working tunnel config to create the second tunnel. The first tunnel starts and works perfectly. When I try to send traffic to the remote office the second tunnel never even starts.
I look in the logs at both ends (I gain access to the remote location via a software client) and there are no exchanges between my ASA and the PRO2040.
What more might I need to do to get the ASA to start the tunnel?
I'm running 8.0 on my ASA. All the SW's are 18.104.22.168 Enhanced.
ok, so connections to the remote networks need to have a nat 0 applied to them. In your config your nat 0 looks like this:
nat (inside) 0 access-list outside_cryptomap
in order to get your new VPN to work, you will need to apply this to the new traffic, however you will need to create a new acl for the NAT 0 statement. The commands you will need to complete this are as follows:
access-list nonat extended permit ip inside-network 255.255.255.0 my-hq 255.255.248.0
access-list nonat extended permit ip inside-network 255.255.255.0 office2 255.255.255.0
no nat (inside) 0 access-list outside_cryptomap
nat (inside) 0 access-list nonat
Everything else loks ok, so that should do it :)