I have an ASA5540 which terminates both remote access and L2L tunnels. Inside the ASA, all traffic (RA and L2L) passes through an in-band NAC appliance.
The RA tunnels work fine, and users can access all resources on the protected (inside) network.
However, the L2L tunnels have a problem. I have configured the remote subnets in the "Filters" section of the NAC manager to allow them through, but certain protocols are being blocked from the protected to the unprotected side.
For example, I cannot ping from the remote subnet to any address on the protected network, or vice versa. IP phones using H.323 on the remote subnets are not able to connect.
Pings sent from the remote subnet to the inside network are reaching the destination address, which is replying, but packet sniffing shows that it is the NAC appliance which is blocking the outbound reply.
Does anyone have any idea why this is happening and what to do about it?