I have more details on what I am finding now. I have some VPN tunnels that NAT an external to an internal address and some that don't. The ones that NAT that internal to external for their tunnels are working while the ones that don't aren't working. Here are relevant portions of the config on the ASA.
access-list 115 extended permit ip host 192.168.1.7 host 172.17.31.218
access-list 115 extended permit ip host 192.168.1.7 host 172.17.31.212
access-list 40 extended permit ip host 192.168.1.7 host 10.48.239.199
access-list 40 extended permit ip host 192.168.1.7 host 10.48.239.75
access-list 40 extended permit ip host 192.168.1.7 host 10.48.239.56
access-list 101 extended permit ip host 192.168.12.5 host 10.105.130.165
access-list 101 extended permit ip host 192.168.12.5 host 172.31.88.86
I found something that might be causing it. I see in the denied it is denying 192.168.12.5 to there which makes sense because these are ones that aren't using NAT and 192.168.1.7 should be bypassing NAT based on the config I sent earlier. Any ideas why it isn't working?
Forward Flow based lookup yields rule:
out id=0xd5b24d68, priority=70, domain=encrypt, deny=false
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...