I need organize 2 type of access between 2 asa 5510 - site 2 site and Remote access. VPN Peers are same for both situation.
One of peers has IP address 18.104.22.168 and another has 22.214.171.124 ( sw version 9.1(3) )
peer 126.96.36.199 has 192.168.1.0/24 network and peer 188.8.131.52 has 172.16.1.0/24 (interface inside) and 172.16.2.0/24 (interface DMZ).
Need following configuretion:
192.168.1.0/24 must have access to 172.16.1.0/24 via Site 2 Site VPN
also 192.168.0.24 need access to 172.16.2.0/24 via RA vpn.
When I configure ONLY ONE TYPE VPN Tunnel, it works, but I need BOTH TYPE VPN at same time.
In Log windew I see following errors:
%ASA-6-713905: Group = UserGroup, Username = User, IP = A.A.A.A, Skipping dynamic map SYSTEM_DEFAULT_CRYPTO_MAP sequence 65535: cannot match peerless map when peer found in previous map entry.
%ASA-3-713061: Group = UserGroup, Username = User, IP = A.A.A.A, Rejecting IPSec tunnel: no matching crypto map entry for remote proxy 172.16.2.0/255.255.255.0//0/0 local proxy 0.0.0.0/0.0.0.0/0/0 on interface outside
184.108.40.206 Asa upgrade done short time ago, there was sw 8.2(x) verson before, and both VPN was worked correctly, after upgrade I have reseived erros above.
How can I solve this issue? (SSL VPN not a solution, IPSEC is required).
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...