I have an ASA configured for SSL VPN for remote access, and also an IPSec tunnel between the ASA and another site. The SSL VPN works fine, and I am able to access everything at the ASA site. The IPSec tunnel is also working and I am able to communicate between the two sites.
My issue is that SSL VPN users cannot access the second site through the IPSec tunnel. Hairpinning is working to some extent, and the SSL VPN users are able to route their internet traffic over the link and go out over the ASA internet connection.
The second site's IPSec tunnel is terminated on an IOS router. Looking at the IPSec stats I can see packets being encrypted for the SSL user subnet, but not decrypted when I ping an address. The ASA does not seem to forward the packet from the SSL tunnel back over the IPSec tunnel.
Yes, the SSL client is tunneling the second site's subnet and I can see the packets being encrypted on those stats.
Before I spend too much time on this, should this design work? The ASA is running 8.04.