I'm in the process of setting up VPN. The setup is easy but ACLs can be rather difficult to get working correctly even when something is missing. It seems I can ping and access my server network. I can access and ping my core switch with no problems. Anything past that I cannot reach, ping or access.
I've gone as far as creating a Standard ACL to an Extended and neither will work.
There are two access lists used in a typical IPsec VPN configuration. One access list is used to exempt traffic that is destined for the VPN tunnel from the NAT process. The other access list defines what traffic to encrypt. If these ACLs are incorrectly configured or missing, traffic might only flow in one direction across the VPN tunnel.
Be sure that you have configured all of the access lists necessary to complete your IPsec VPN configuration and that those access lists define the correct traffic. Are you able to post the ACLs?
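As an added worked example (not from either post above), here is a small Python check that parses the two ACLs the answer describes and reports which local/remote subnet pairs each one fails to cover; if only the subnet the VPN gateway sits on is listed, networks behind the core switch are exactly what stops working. It assumes ASA-style `access-list NAME extended permit ip SRC MASK DST MASK` lines, and the ACL text, subnet names and addresses in it are constructed for illustration.

```python
# Added example (not from the thread): cross-check the crypto ACL and the
# NAT-exemption ACL so both permit every local<->remote subnet pair.
# Assumes ASA-style "access-list NAME extended permit ip SRC MASK DST MASK"
# lines; sample ACLs and subnets below are constructed for illustration.
import ipaddress
import re

LINE_RE = re.compile(
    r"access-list\s+(?P<name>\S+)\s+extended\s+permit\s+ip\s+"
    r"(?P<src>\S+)\s+(?P<smask>\S+)\s+(?P<dst>\S+)\s+(?P<dmask>\S+)"
)

def parse_acl(text):
    """Return the (src_network, dst_network) pairs permitted by the ACL."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.search(line.strip())
        if not m:
            continue  # skip remarks and anything that is not 'permit ip'
        src = ipaddress.ip_network(f"{m['src']}/{m['smask']}", strict=False)
        dst = ipaddress.ip_network(f"{m['dst']}/{m['dmask']}", strict=False)
        entries.append((src, dst))
    return entries

def uncovered_pairs(entries, local_subnets, remote_subnets):
    """Local/remote pairs that no single ACL entry fully contains."""
    missing = []
    for local in local_subnets:
        for remote in remote_subnets:
            lnet, rnet = ipaddress.ip_network(local), ipaddress.ip_network(remote)
            if not any(lnet.subnet_of(s) and rnet.subnet_of(d) for s, d in entries):
                missing.append((local, remote))
    return missing

# Constructed sample: 10.1.20.0/24 sits behind the core switch and is missing
# from the crypto ACL, which matches the "nothing past the core switch" symptom.
LOCAL_SUBNETS = ["10.1.10.0/24", "10.1.20.0/24"]
REMOTE_SUBNETS = ["192.168.50.0/24"]  # VPN client pool
CRYPTO_ACL = "access-list VPN-CRYPTO extended permit ip 10.1.10.0 255.255.255.0 192.168.50.0 255.255.255.0\n"
NAT_EXEMPT_ACL = (
    "access-list NAT-EXEMPT extended permit ip 10.1.10.0 255.255.255.0 192.168.50.0 255.255.255.0\n"
    "access-list NAT-EXEMPT extended permit ip 10.1.20.0 255.255.255.0 192.168.50.0 255.255.255.0\n"
)

def check_vpn_acls(crypto=CRYPTO_ACL, nat_exempt=NAT_EXEMPT_ACL,
                   local=LOCAL_SUBNETS, remote=REMOTE_SUBNETS):
    """Map ACL role -> list of (local, remote) pairs it fails to cover."""
    return {"crypto": uncovered_pairs(parse_acl(crypto), local, remote),
            "nat_exempt": uncovered_pairs(parse_acl(nat_exempt), local, remote)}
```

Calling `check_vpn_acls()` with your own ACL text and subnet lists returns, per ACL, the pairs that have no matching entry; an empty list for both means the two ACLs agree on the interesting traffic.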