Hi, I have two ASA 5500 with a site-to-site tunnel. Everything on the small location works fine. But from the large location we cannot ping the host on the small location and vice versa. The small location can use internet over the large location. But also fileshares do not work.
How do I transparently open the site-to-site tunnel?
When I ping from the large location in the network to a host on the small location I see in the 5550:
I'm a bit confused by the description: you say at the small site everything works fine, but then later you say that ping and file shares don't work? Can you clarify what exactly works (only internet?) and what doesn't (all access to the main site?)?
In any case, from that error you quote, this sounds like a routing issue: note that it says "src inside: dst inside:" so it thinks the destination is on the inside (while it should be on the outside, across the VPN tunnel).
If you'd like some help troubleshooting this further, we'll need more details - would you mind posting your configs and the full syslog message?