traffic between VPN sites

Unanswered Question
Feb 18th, 2010

I have multiple l2l VPNs set up on an ASA 5505 at my central site.

both remote sites also run ASA 5505. (remote networks are and

I can ping these sites from my central ASA (

I can ping the central ASA from both remote sites.

But I can NOT ping from one remote site to the other.

I've attached a sanitized copy of the running config of the central ASA

ASA Version 8.2(1)
hostname *

interface Vlan1
nameif inside
security-level 100
ip address
interface Vlan2
nameif outside
security-level 0
ip address *.*.*.*
interface Ethernet0/0
switchport access vlan 2
ftp mode passive
object-group network internalnets

object-group network VPN-sites

access-list outside_access_in extended permit ip object-group VPN-sites object-group internalnets
access-list inside_nat0_outbound extended permit ip object-group internalnets any
access-list outside_cryptomap_OKC extended permit ip object-group internalnets
access-list inside_access_in extended permit ip object-group internalnets object-group VPN-sites
access-list tcp-traffic extended permit tcp any any
access-list outside_cryptomap_WR extended permit ip object-group DRS-Nets
access-list outside_cryptomap_WR extended permit udp object-group DRS-Nets C3-WR

no monitor-interface inside
no monitor-interface outside
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any outside

nat (inside) 0 access-list inside_nat0_outbound
access-group outside_access_in in interface outside
route outside 1
route inside 1
route inside 1
route inside 1
route inside 1
route inside 1

management-access inside

no threat-detection basic-threat
no threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl encryption des-sha1
group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol IPSec l2tp-ipsec

class-map tcp-traffic
match access-list tcp-traffic
policy-map global_policy
class tcp-traffic
  set connection advanced-options allow-probes
service-policy global_policy global

: end

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion