5520 intresting vpn trafic will not pass from cascading networks

jabramsciscosupport · ‎04-15-2009

Interesting will not pass through vpn even if any is specified.

If anyone know why please respond.

Thank You....

Thotsaphon Lueangwattanaphong · ‎04-15-2009

joseph,

Would you please provide more information regarding this issue?

Are you using site-to-site vpn?

Are they cisco ASA 5520?

Toshi

jabramsciscosupport · ‎04-15-2009

Yes,

I am using site-to-site.

I am using a 5520 and connecting to a remote site using a 5505.

It seems that only trafic that originates form subnets that are directly connected to the 5520 will only pass even when I define the source as any.

I have used other vpn clients and it work perfectly using the same interesting trafic config (Openswan to 5505).

I do appreciate your time...

Thank You...

Thotsaphon Lueangwattanaphong · ‎04-15-2009

joseph,

Do you have other networks behind ASA5520 and you already configured them as interesting traffic?

Would you please post the configuration on ASA5520? Excluding sensitive information.

Toshi

jabramsciscosupport · ‎04-16-2009

Here is a diagram and the important sections of my running config(s).

(see attachment)

Thank You

Again...

Joe

Thotsaphon Lueangwattanaphong · ‎04-16-2009

Joe,

Is there a layer3 device between old nets and new nets? Does this device have a route to 10.10.170.0(remote-end) pointing to ASA5520? Does ASA5520 have routes of old nets to route them back to Layer3 device?

Toshi

jabramsciscosupport · ‎04-16-2009

Thank You .... Toshi

I had a route from my Layer3 device to the 5520 but did not have them back the other direction.

Thanks again...!

Joe...

Thotsaphon Lueangwattanaphong · ‎04-16-2009

Joe,

I have no doubt why ASA is pretty cool.(grin)

Good job. let me know how things work out.

Toshi