I'm trying to setup another ipsec VPN group and policy. So far, I can connect with it, and I can ping the ASA 5505, but nothing else on the inside. The funny thing is, I've got another group and policy setup that works fine. I've tried to emulate it but I can't figure out what I'm doing wrong. I'm getting this error in the log:
Asymmetric NAT rules matched for forward and reverse flows; Connection for icmp src outside:10.4.71.104 dst inside:10.4.70.2 (type 8, code 0) denied due to NAT reverse path failure.
Attached is a network diagram. Thanks for your help.
Yes 8.3 does make a difference
Well I can suggest quite a few ways out of this.
And this is what you need to add ... sort of nat exemption from previous versions.
nat (inside,any) source static obj-10.4.70.0 obj-10.4.70.0 destination static obj-10.4.71.0 obj-10.4.71.0
edit: Corrected IP addresses. if 10.4.70.0/24 is local and 10.4.71 remote you need to add an exemption here.