I have a working L2L tunnel from Cisco ASA5505 to an Astaro security device. There are 4 remote LANs that are routed over this tunnel: 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12 and 220.127.116.11/16.
However, I cannot reach any remote device on the LAN 18.104.22.168, but I can reach devices on the other 3 LANs.
The 'show crypto ipsec sa' output shows that IPSec sessions are established only for the other LANs but not for 22.214.171.124.
Can anyone tell me why? Is there any LAN limitation, or is it not allowed to use a public IP range for a LAN? But it works just fine with the old Pix 501.
This is part of my configuration:
ASA Version 7.2(4)
ip address 192.168.94.200 255.255.255.0
object-group network test
network-object 192.168.0.0 255.255.0.0
network-object 10.0.0.0 255.0.0.0
network-object 172.16.0.0 255.240.0.0
network-object 126.96.36.199 255.255.0.0
access-list outside_cryptomap_10 extended permit ip 192.168.94.0 255.255.255.0 object-group test
access-list outside_nonat_10 extended permit ip 192.168.94.0 255.255.255.0 object-group test
global (outside) 1 interface
nat (inside) 0 access-list outside_nonat_10
nat (inside) 1 0.0.0.0 0.0.0.0
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto map raagfw02 10 match address outside_cryptomap_10
crypto map raagfw02 10 set pfs
crypto map raagfw02 10 set peer x.x.x.x
crypto map raagfw02 10 set transform-set ESP-AES-128-SHA
crypto map raagfw02 interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 13
crypto isakmp nat-traversal 20
tunnel-group x.x.x.x type ipsec-l2l
tunnel-group x.x.x.x ipsec-attributes
Any quick response is warmly welcomed.