VPN 3005 - Multiple spokes that need to see each other
I have a VPN 3005 concentrator that has multiple lan-to-lan IPSec tunnels coming into it, some of which need to communicate with one another. I'm having an issue configuring this -- I've got a tunnel gateway configured, which would be the same as the internal lan default gateway. I've also got network lists configured to allow the traffic from one spoke to another but cannot get it to work. Any ideas? Thanks!
Re: VPN 3005 - Multiple spokes that need to see each other
You can try changing the value for tcpmss to see if the problem is with the size of the packets. You can also try the option "Fragment prior to IPSec encapsulation without Path MTU Discovery(Clear DF bit)", it may resolve the problem.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...