I have an ASA 5510 that has Remote Access VPN and a Lan-To-Lan set up and working great. Local nets and users on the RA net can access networks across the Lan-To-Lan with no issues. I added a second Lan-To-Lan to another site and only the local network can access the remote network. Remote Access users cannot. They can still access the original tunnel network, but not the second tunnel network.
The other end in this case is a Juniper firewall. Any ideas? My crypto map has the two L2L tunnels listed first and then the RA tunnel. Again, this works great on another L2L, just not this new one.
You need to make sure that this particular lan to lan tunnel contains the pool of the vpn client defined as part of the local network going to the remote (juniper side) network and the remote juniper should have the same in a mirrored way.
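As an added illustration of that answer (not configuration from the original thread), here is what the ASA side looks like when the crypto ACL for the new L2L carries both the local LAN and the RA client pool, together with the NAT exemption, the hairpin permission that RA-to-L2L traffic needs, and the check to run afterwards. All addresses, object names, the peer IP and the pre-8.3 NAT syntax are assumptions; the Juniper side must list the same two local subnets as its remote networks.

```cisco
! Assumed addresses (not from the thread):
!   local LAN          192.168.1.0/24
!   RA client pool     172.16.10.0/24
!   remote Juniper LAN 10.50.0.0/24 behind peer 203.0.113.10
!
! Interesting-traffic ACL: each local source needs its own ACE, so the
! pool becomes a second proxy identity in the negotiation.
access-list L2L-JUNIPER extended permit ip 192.168.1.0 255.255.255.0 10.50.0.0 255.255.255.0
access-list L2L-JUNIPER extended permit ip 172.16.10.0 255.255.255.0 10.50.0.0 255.255.255.0
!
! NAT exemption (pre-8.3 syntax, assumed) so neither source is translated before encryption.
! LAN traffic arrives on inside; pool traffic arrives on outside and leaves on outside.
access-list NONAT-INSIDE extended permit ip 192.168.1.0 255.255.255.0 10.50.0.0 255.255.255.0
access-list NONAT-OUTSIDE extended permit ip 172.16.10.0 255.255.255.0 10.50.0.0 255.255.255.0
nat (inside) 0 access-list NONAT-INSIDE
nat (outside) 0 access-list NONAT-OUTSIDE
!
! RA traffic enters and exits the same interface, so hairpinning must be permitted.
same-security-traffic permit intra-interface
!
! Bind the ACL to a static L2L crypto map entry; static entries sit before the dynamic RA entry.
crypto map outside_map 20 match address L2L-JUNIPER
crypto map outside_map 20 set peer 203.0.113.10
crypto map outside_map 20 set transform-set ESP-AES-128-SHA
!
! Verification: expect one IPsec SA pair per ACE. If only the LAN pair shows up, or the
! pool pair shows encaps but no decaps, the mismatch is in the peer's proxy identities.
! show crypto ipsec sa peer 203.0.113.10
```

A pool ACE that is present here but missing from the Juniper's remote-network definition shows up exactly as the thread describes: the LAN-to-LAN SA comes up, the pool SA either fails to negotiate or carries no return traffic.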
It does. It is configured for the local net and the RA net to communicate with the network on the remote end. Another L2L tunnel on the same ASA works fine, but this one to the Juniper does not. Any known issues with tunnels to Juniper FWs?
Thanks James. The negotiated SA shows the correct subnets configured but shows errors related to the RA network SA so it seems the problem is on the Juniper side. The admin on the other end says the network/mask is correct but unfortunately I don't have access to confirm that.