Let me start by prefacing that I know a thing or two about networking. VPNs not so much.
I'm trying to set up a Site-to-Site VPN between two ASA 5505s. I'm building this in an office lab before I deploy it to the end sites. I followed the directions on this very informative forum and believe I have it set up correctly. I can see the tunnel get built and I can even see traffic counters incrementing. But the actual user sessions don't seem to work. For example, ping and telnet don't work.
Here's an excerpt from the syslog for a ping test to a computer on the remote end.
(10.1.10.5 is the local computer, 10.1.11.5 is the remote computer. 10.1.11.1 is the inside interface of the remote ASA)
You were right on the money with the Windows Firewall. I had neglected to consider the fact that Windows Firewall is only allowing traffic from the local subnet and not from the traffic originating on the subnet on the other end of the VPN. Once I turned off the firewall, everything flowed smoothly.
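An alternative to switching the firewall off, as an added example that is not part of the original thread: on the Windows host at the far end, find the inbound allow rules scoped to `LocalSubnet` and add the VPN peer's LAN to the ICMPv4 ones. The /24 mask is an assumption (the thread gives only the host addresses), and the NetSecurity cmdlets require Windows 8 / Server 2012 or later.

```powershell
# Run elevated on the host that ignores the pings (10.1.11.5 in the thread).
# Assumption: the LAN behind the other ASA is 10.1.10.0/24; the thread only
# names the host 10.1.10.5, so adjust the mask to the real addressing plan.
$VpnPeerSubnet = '10.1.10.0/24'

# Collect enabled inbound allow rules whose remote scope contains the
# LocalSubnet keyword. Packets arriving through the tunnel carry a source
# address outside the local subnet, so these rules never match them.
$scoped = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    ForEach-Object {
        $filter = $_ | Get-NetFirewallAddressFilter
        if ($filter.RemoteAddress -contains 'LocalSubnet') {
            [pscustomobject]@{ Rule = $_; Filter = $filter }
        }
    }

# Review the list before changing anything.
$scoped | ForEach-Object { $_.Rule } |
    Format-Table DisplayName, Profile -AutoSize

# Widen only the ICMPv4 rules (the ping test), keeping LocalSubnet in the scope
# and adding the peer LAN next to it. Rules for other protocols are untouched.
foreach ($entry in $scoped) {
    $port = $entry.Rule | Get-NetFirewallPortFilter
    if ($port.Protocol -eq 'ICMPv4') {
        $newScope = @($entry.Filter.RemoteAddress) + $VpnPeerSubnet |
            Select-Object -Unique
        Set-NetFirewallRule -Name $entry.Rule.Name -RemoteAddress $newScope
    }
}
```

The same scope change applies to any TCP rule a remote user session depends on; rules delivered by Group Policy have to be changed in the policy rather than on the host.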