Apr 16th, 2009

I have a remote location that my Corporate office connects to through an IPSec tunnel at the moment. We've decided to upgrade and get an MPLS tunnel between our two locations. Every time I try to force traffic from one location to another, something is dropping packets out and killing the traffic.

Corporate office runs in a Class C subnet in the vein of 10.9.6.x and the remote office is in a Class C subnet in the vein of 10.5.6.x. So, for example, I have the MPLS routers connected by two interfaces: their serial link that goes to the MPLS network, and their FastEthernet ports are connected to the local subnets at and, respectively. I take down the IPSec tunnel and put in routes to go from one subnet to the other on the ASAs at each location which are configured as the default gateways for each location. I can ping from to and vice versa, but when I try to ping from to it fails.

Both ASAs have routes set up kind of like below:


route inside

route inside


route inside

route inside

Like I've said, I can ping from to without a problem. When I try to ping to another host on the other subnet, I lose the traffic. Now, on my syslog messages I saw that it couldn't find a translation group for the reply back message when I sent a ping, so I put in a NAT exemption for the replies but then they just never show up at the other end.

For clarification, please ask any questions. I'm just trying to see if what I'm trying to work with is even possible.

Collin Clark Thu, 04/16/2009 - 10:51


What you want to do is possible. A quick question first. Are you running a routing protocol on your network? If yes, are you averse to running it on your ASA (assuming it supports it)?

