Re: OT: VPN w/NAT not able to see NAT

From: Dennis Worth <dennis.worth_at_gmail.com>
Date: Fri, 8 Mar 2013 20:25:43 -0800

Looks like a possible routing issue, since 10.0.0.0 is inside as a /8, so the FW
sees the 10.200.0.0/24 back to inside.

I created a static to 10.200.0.0/24 to the outside interface IP.

Now on packet-tracer I get this:
   Type - VPN  Subtype - encrypt  Action - DROP

On Fri, Mar 8, 2013 at 5:53 PM, Brian McGahan <bmcgahan_at_ine.com> wrote:

> Check your NAT config, IPsec proxy ACL, and routing. Post your config if
> you're stumped.
>
> Brian McGahan, CCIE #8593 (R&S/SP/Security), CCDE 2013::13
> bmcgahan_at_INE.com
>
> Internetwork Expert, Inc.
> http://www.INE.com
>
> On Mar 8, 2013, at 6:30 PM, "Dennis Worth" <dennis.worth_at_gmail.com> wrote:
>
> > Group,
> >
> > Probably something easy, but for life of me I can't find it.
> >
> > Phase I UP
> > Phase II UP
> >
> > NATing on both sides of the tunnel, but one side does not recognize the NAT
> > on one side for VPN outbound.
> >
> >
> >
> > (REMOTE SIDE) 10.10.10.10---ASA-10.200.0.1(NAT)-----(NAT)172.16.100.10-ASA---10.10.10.125 (HUB SIDE)
> >
> >
> > Hub side receives traffic but does not send traffic.
> >
> > Bad ACLs?
> >
> >
> >
> >
> > --
> > Dennis Worth
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
>

-- 
Dennis Worth
Received on Fri Mar 08 2013 - 20:25:43 ART
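For readers following the thread, the fragment below is an added illustration of the three things Brian lists (NAT config, proxy ACL, routing) on the hub-side ASA, written in 8.3+ syntax. It is not Dennis's configuration and nothing in the thread confirms these exact lines; the addresses follow the diagram in the original post, while the object names, crypto-map name, peer address and outside next hop are assumptions.

```cisco
! Hub-side ASA, 8.3+ syntax. Added example, not the poster's config.
! 10.10.10.125 (hub LAN) is presented to the remote side as 172.16.100.10;
! the remote side presents its hosts from 10.200.0.0/24. Object names,
! OUTSIDE_MAP, 203.0.113.2 and 198.51.100.1 are assumed values.
object network HUB-REAL
 host 10.10.10.125
object network HUB-MAPPED
 host 172.16.100.10
object network REMOTE-MAPPED
 subnet 10.200.0.0 255.255.255.0
!
! 1. NAT: twice NAT so the hub host is translated only when talking to the
!    remote side's mapped range. Position 1 puts it ahead of any dynamic PAT.
nat (inside,outside) 1 source static HUB-REAL HUB-MAPPED destination static REMOTE-MAPPED REMOTE-MAPPED
!
! 2. Proxy (crypto) ACL: written with the post-NAT addresses on both ends.
!    The remote ASA needs the exact mirror image in its own crypto ACL.
access-list VPN-TO-REMOTE extended permit ip object HUB-MAPPED object REMOTE-MAPPED
crypto map OUTSIDE_MAP 10 match address VPN-TO-REMOTE
crypto map OUTSIDE_MAP 10 set peer 203.0.113.2
!
! 3. Routing: a "route inside 10.0.0.0 255.0.0.0 ..." would otherwise win
!    for 10.200.0.0/24, so a more specific route must point it outside.
route outside 10.200.0.0 255.255.255.0 198.51.100.1
!
! Verify with the real (pre-NAT) source; the trace should show the NAT
! phase, then VPN encrypt ALLOW, with output-interface outside.
packet-tracer input inside icmp 10.10.10.125 8 0 10.200.0.1
```

When the trace instead ends in "VPN / encrypt / DROP", a common cause is that the packet's post-NAT addresses do not match the crypto ACL (or the peer's mirror of it), so the encrypt phase has no SA to use; comparing the addresses printed in the NAT phase of the trace against the proxy ACL on both ASAs is the quickest way to confirm or rule that out.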
