I have an ASA '1' connected to an external subnet 'B' - this ASA is the default gateway for this subnet 'B'. I also have a second ASA '2' (inside on subnet 'B', outside on subnet 'C') connected to this subnet with a connection to subnet 'C'.
All devices on subnet 'B' have a default gateway of ASA 1; ASA 1 also has a static route pointing to subnet 'C' via ASA 2. Currently ASA 2 has 'any/any' rules on both the inside and outside interfaces. I can ping from a host on subnet B to subnet C; however, I cannot RDP from subnet B to subnet C. I can RDP and ping from subnet C to B. No 'Deny' entries are being seen in either of the ASA logs, so it looks like the ACLs are OK. Neither of the ASAs is NATing - only routing.
I have enabled ICMP on the outside interface of ASA 1.