We have an ASA5510 which has two LAN to LAN IPSEC VPNs configured. The VPN tunnels themselves are up and one VPN works great. But the other VPN doesn't correctly NAT outbound traffic (inbound is fine from all VPN endpoints). When I ping from the ASA using 'ping inside 10.200.4.x', it works. When I ping from a box sitting on the inside subnet I get the following error in the ASA logs:
portmap translation creation failed for udp src inside:10.26.32.2/137 dst outside:10.200.4.x/137
I would be really grateful if someone could point out what I have done wrong with the NAT or routing configuration. This is the first time I have set up two L2L VPNs on one ASA. The relevant parts of the config are below, suitably anonymised.
Edit: I forgot to mention that once this is working I then need to NAT incoming traffic to web.server.public.ip to 10.26.32.2 and add ACL entries for www and https.
ip address 220.127.116.11 255.255.255.248
ip address 10.26.32.1 255.255.255.0
ip address 192.168.61.1 255.255.255.0
access-list outside_1_cryptomap_1 extended permit ip 10.26.32.0 255.255.255.0 192.168.0.0 255.255.0.0
access-list outside_20_cryptomap_1 extended permit ip 10.26.32.0 255.255.255.0 10.200.4.0 255.255.255.0