I have 3005 concentrator at central site and 3002 hardware client at remote site. I using 184.108.40.206/16 at the concentrator private interface and 10.1.1.1/24 at the hardware client private interface side. Enabling network extension mode .Tunnel is up and running ,from the central site I can ping 3002 hardware client private interface BUT from the 3002 hardware client I CANNOT ping to the 3005 concentrator private interface , any idea ?
You should be able to ping the concentrator private from the 3002. I think gaban had it right. Route statements are needed. The packets can get to the central site but they don't know how to get back. Is anything getting to the central site from the client site? If not then routing is the first place I would look.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...