I've set up a remote access VPN for client 2 to access some networks behind R1 and R2. There is no NAT involved. The network uses OSPF. The routes are injected into OSPF using RRI. I've activated same-security-traffic permit intra-interface to allow traffic to R2 also.
All is fine and all routers learn the new route, but the trouble is that I can only access hosts behind R1. A traceroute from behind R2 dies in the ASA. A traceroute from the VPN client doesn't even leave the ASA.
As a test, I made another VPN connection profile for the inside interface and tested it with client 1. This client is able to access all hosts, both behind R1 and R2.