I am having an issue with a VPN connection that I have. I have a VPN set up to allow all hosts in a /24 subnet to work across from a single host on my side. From the host on my side, I am able to ping to and access some of the hosts on the other side. I have, however, one host that is not allowing me to ping to it. We have verified firewall on the far end is allowing all but I can't make any kind of connection. We have verified that the machine on the far end is pingable and accessible from other networks. It is almost like the host on my side doesn't even try to connect across the tunnel. I have verified in my logs that when I do a ping from my host, it shows it building and tearing down a connection on the firewall for NAT, so I know that traffic is at least getting to the firewall, but it looks like it is not getting any farther. Has anyone seen any strange behavior like this before? I know that ACLs and such are correct on both ends due to the tunnel coming up when I try to access another host. The tunnel doesn't come up, though, when I try to ping the problem machine.
Also, we have tested from the far end of the tunnel and when I attempt a ping to the problem machine, they don't see any traffic hitting their VPN endpoint. They do, however, see traffic to all the other hosts that I attempt to access on their network.