Syslogs show that the Cisco 5520 tears down all ICMP connections coming from one internal VPN tunnel host to another.
VPN tunnel addresses are assigned through an address pool.
For example, once the VPN connection is established, host 172.16.8.1 cannot ping any other host on the 172.16.8.0 network.
Is this a misconfiguration issue? What kind of security setting should be configured to allow this flow?
Please help. Thanks in advance.
The ASA is connected on the public interface to the Internet FW and on the private interface to the Intranet FW.
Default routes on the ASA are configured as follows:
"route private 0.0.0.0 0.0.0.0 172.16.7.65 tunneled
route public 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx 1"
This means that all tunneled traffic should go through the Intranet FW, which is true for all traffic from the VPN tunnel (172.16.8.x) to the LAN but not for the traffic back to the tunnel (172.16.8.x). The latter will go out of the public interface and end up on the Internet FW, where the VPN tunnel address is spoofed.
Can someone explain why the tunnel address is going out through the public interface? Thanks