I have two sites, say A and B. I need to set up a VPN between these two sites.
In Site A's LAN, we have a server which is NATed to a public IP. In site B, we have another server which is also NATed to a public IP. I need to permit these public IPs in the VPN ACL. We have an ASA in site A and a Cisco 2801 router in site B.
In site A, where we have the ASA, I didn't add the NAT exemption rule and I could bring up the VPN from site A. But I am not able to bring up the tunnel from site B.
Site A's VPN ACL:
access-list outside_cryptomap_1 extended permit ip host a.b.c.d host p.q.r.s
Site B's ACL:
permit ip host p.q.r.s host a.b.c.d
where a.b.c.d is the public IP to which we have NATed the server in Site A,
and p.q.r.s is the public IP to which we have NATed the other server in Site B.
I seem to be missing something in site B. The reason I say this is that I don't see any hits on the "permit ip host p.q.r.s host a.b.c.d" ACL entry in site B when I try to ping a.b.c.d from the server p.q.r.s. This server is located in a LAN with a private IP which is NATed on the router.
Please let me know if you need more explanation of my scenario. Any help is greatly appreciated.
Ribin Jones S.B