Concurrent pings between VPN subnets using ASA (8.4) not working as intended
I have already set up the L2L VPN between two ASAs and can successfully ping from a host on a subnet at one site to another host on a subnet at the other site, but it fails if I have two concurrent pings between subnets of either site.
It appears that auto-NAT is not in effect, and when I checked sh crypto ipsec sa I found only one association. I have this vibe that, as private IPs are not being used for routing purposes, that's why it's not being translated. Rather, public IPs are being used for tunnel-building purposes, and once there is an "sa", packets from private IPs are encrypted and sent via the tunnel to the peer (public IP), which then decrypts them and places them at the right host (private IP) via the switch.
Basic setup commands are attached for reference. I intend to simulate the need for NAT-T. I've used ikev1 for that purpose. In connection with this, down the road I'll have a NAT device before the Branch ASA.