So you have a site-to-site VPN between FW_A and FW_B? Or is this an MPLS VPN setup? Or something else?
Without seeing your configuration, by default you will not be able to ping the ASA inside interface over a site-to-site VPN. You will need to add the command management-access to be able to reach the IP associated with the interface name.
But the fact that you cannot ping the inside switch could point to either a crypto ACL problem or a routing problem, depending on what your setup is.
Could you please explain your setup in more detail so that we can assist you further?
-- Please remember to rate and select a correct answer
I don't have access to RTR_A, but from FW_A I can ping all the way to the Site B switch. Hence, routing should be fine.
On both FWs, the VPN zone security level is 50 and the LAN zone security level is 100. Am I supposed to be able to ping only the connected interface of the firewall? For example, FW_A can only reach as far as the FW_B VPN interface 192.168.88.6 and FW_B can only reach as far as the FW_A VPN interface 10.60.186.70? If yes, I'm wondering how come FW_B can ping the FW_A LAN interface.