ASA 5505 IPSEC VPN Client problem from some remote sites - bizarre
Having a bizarre issue that's beyond my knowledge. I configured the ASA 5505 for an IPSEC tunnel. Regardless of what remote site a user tunnels from, the tunnel comes up, both PHASE 1 and PHASE 2. From some sites, the user can successfully ping the office network resources behind the ASA, but for others, from troubleshooting, it seems traffic from the remote end can reach the office network resources, but the the office network resources cannot get past the ASA and not reach the remote end. Logging is no help as I cannot see any traffic dropped by the firewall. It's bizarre as some sites work - where traffic is bi-drectional over the tunnel, and others do not, but for those remote sites where it doesn't work, the problem looks like behind the ASA - where traffic is one-way over the tunnel.
Has anyone seen this before? And advise a corrective action?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...