Both hosts can reach each other without issues. Ping, connect, no problem.
The problem is when one of the hosts tries to reach the inside interface of the remote ASA. E.g. Host 1 trying to ping ASA5510 inside interface. Again Host 1 and 2 have the same subnet address of 10.1.1.0/24. I have configured the ASA 5505 to do the NAT translations.
Here is the ASA 5505 config (the parts that matter):
ASA Version 8.2(5)
ip address 10.1.1.1 255.255.255.0
ip address 192.168.100.102 255.255.255.252
access-list vpnACL extended permit ip 10.1.20.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list VPNnat extended permit ip 10.1.1.0 255.255.255.0 10.1.30.0 255.255.255.0
VPN NAT Overlap subnets remote ASA interface does not reply
Thanks Jennifer for the reply. Is that just an ASA rule? Or is there more of a technical reason why not? Because I see, using debug icmp trace, that the ASAs receive the ICMP requests. But the ASA does not reply.