Hello, I am using an ASA 5540 VPN edition to terminate VPN connections from software clients and PIX/ASA boxes using EasyVPN (in network extension mode).
I am trying to get the PIX/ASA remote networks and the VPN Clients to talk to each other (they both have no problems talking to the core) but intra-spoke communication is intermittent.
Just as an example, I was trying to ping from a client (192.168.200.4) to a remote network (192.168.8.1) and it wouldn't work, but when I initiated the ping from the remote network side (192.168.8.1) it started working "magically."
same-security-traffic permit intra-interface is enabled on the core pix.
Here is some of the relevant config:
access-list inside_nat0_outbound extended permit ip 10.0.0.0 255.0.0.0 10.1.129.0 255.255.255.192
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.1.129.0 255.255.255.192
access-list inside_nat0_outbound extended permit ip 172.16.1.0 255.255.255.0 10.1.129.0 255.255.255.192
access-list inside_nat0_outbound extended permit ip 172.16.2.0 255.255.255.0 10.1.129.0 255.255.255.192
access-list inside_nat0_outbound extended permit ip any 10.1.131.0 255.255.255.224
access-list inside_nat0_outbound extended permit ip any 10.1.129.0 255.255.255.128
access-list inside_nat0_outbound extended permit ip any 10.1.129.0 255.255.255.192
access-list inside_nat0_outbound extended permit ip any 10.1.6.192 255.255.255.192
access-list inside_nat0_outbound extended permit ip 10.1.6.0 255.255.255.0 10.1.6.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.0.0.0 255.0.0.0 10.0.0.0 255.0.0.0
access-list inside_nat0_outbound extended permit ip 172.16.0.0 255.240.0.0 10.0.0.0 255.0.0.0
access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.0.0 10.0.0.0 255.0.0.0
access-list inside_nat0_outbound extended permit ip 10.0.0.0 255.0.0.0 192.168.0.0 255.254.0.0
access-list inside_nat0_outbound extended permit ip 172.16.0.0 255.255.0.0 192.168.0.0 255.254.0.0
access-list inside_nat0_outbound extended permit ip 172.17.0.0 255.255.0.0 192.168.0.0 255.254.0.0
access-list inside_nat0_outbound extended permit ip 172.18.0.0 255.255.0.0 192.168.0.0 255.254.0.0
access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.0.0 192.168.0.0 255.255.0.0
ip local pool VPN_CLIENTS 192.168.200.1-192.168.207.254 mask 255.255.248.0
global (outside) 1 209.17.173.11 netmask 255.255.255.0
global (outside) 101 209.17.173.9 netmask 255.255.255.192
global (DMZ) 101 209.17.173.9 netmask 255.255.255.192
global (DMZ) 2 192.168.1.8
nat (outside) 0 access-list inside_nat0_outbound
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 10.2.4.0 255.255.255.0
nat (inside) 101 172.18.1.0 255.255.255.0
nat (inside) 101 172.16.0.0 255.255.0.0
nat (inside) 101 10.0.0.0 255.0.0.0
nat (DMZ) 0 access-list inside_nat0_outbound
Help?
