I have run into a site-to-site VPN problem: when pinging, nothing replies from machines on the remote subnet.
But the IPsec tunnel is OK, and I can ping the remote ASA's inside interface's IP.
Here is my scenario:
LAN1 -- ASA5510 -- ASA5505 -- LAN2 -- remote_machine
LAN1 can ping ASA5505's inside interface (172.25.88.1)
but cannot ping remote_machine (172.25.87.30)
ASA5505's inside interface can ping remote_machine
LAN2 can ping ASA5510's inside interface and machines on LAN1
Is there something I missed?
Thanks a lot for the reply.
I don't think that is something you want to really do.
If you PAT LAN1's whole subnet (192.168.1.0/24) to 172.25.249.1, then LAN2 will not be able to reach a specific host on LAN1, because now you are representing the LAN1 network with a single IP.
So traffic will become one-way only: LAN1 will be able to reach LAN2 and get responses from LAN2 through the PAT on 172.25.249.1.
But LAN2 can no longer send traffic to a specific LAN1 host's IP, since you only have 172.25.249.1 to represent the LAN1 subnet.
If you still want to PAT LAN1's whole subnet (192.168.1.0/24) to 172.25.249.1, then you have to do outside NAT.