Cisco ASA LAN to LAN with NAT, VPN OK, traffic KO

Sep 29th, 2010

Hello All,

I have been trying for several days now to find where the problem might be, but it's becoming very frustrating to stay blocked...

Here is the picture of what I have to configure:

VPN-Implementation - Copie.png

The client says he sends packets, and I can see them arriving, but the client is unable to connect to the WebServer or to ping it.

Do you have a solution to this problem? Configuration is attached.

Jitendriya Athavale Wed, 09/29/2010 - 08:19

When you do a ping test, please capture packets on the inside of the ASA and see if you see them leaving the inside of the firewall.

Secondly, how is the tunnel configured? Is your crypto ACL using the NATed IP, or is it private to private?

Thirdly, is the other traffic through the VPN working fine?

praprama Wed, 09/29/2010 - 08:41


How are the clients trying to access the server? Are they using the IP address or the NATed IP?

I noticed a static policy NAT with the destination IP as "any" as below:

access-list inside_nat_static_1 extended permit ip host InovaSuite-Server any

static (inside,outside)  access-list inside_nat_static_1

We can as well change it to just "static (inside,outside) InovaSuite-Server".

Also, any reason why you have the below static command?

static (outside,outside) InovaSuite-Server  access-list outside_nat_static_1

I could not make much sense out of it.

Thanks and Regards,


