Failover pair to failover pair - unable to access standby over VPN
At the head end there is an ASA failover pair which forms an IPsec VPN tunnel to a remote ASA failover pair. We manage the remote side by going through the VPN from the head end.
The problem is that I cannot access the standby ASA at the remote side because, when my SSH or ICMP traffic gets to it, it thinks the return route is on its outside interface, which doesn't have a tunnel to travel on, and so it uses the public internet to try to get back, which is dropped.
I can access the standby at the remote site going through the public internet, but not through the VPN tunnel.
The question is: how can I get management traffic (ICMP, SNMP, logging and SSH) to come back over the tunnel from the standby firewall at the remote site?