I have an IPSec VPN between a Cisco PIX501 and an ASA5505.
Clients behind the PIX501 can communicate with clients behind the ASA5505 fine, but they do not seem to be able to access a web server in the DMZ.
Looking at my config, I can see the ACL used in the crypto map and it does state both networks as interesting traffic.
Are there any debug commands I can use that can help me find out where the packet is being dropped?
I have used the ASDM on the ASA to monitor real-time traffic flow and I cannot see any deny tcp statements appear when I attempt to connect to the webserver. So I am thinking that there is an issue with my IPSec tunnel config.
I don't think they have ever needed to do this before, so I am thinking that it is a new requirement. Failing that, I could use a packet sniffer on the web server to see if the webserver ever receives the packets. But I'd still like to know if my IPSec tunnel is not dropping anything.
Any advice appreciated!!