Hey,
Looking for some help. Got Cisco ASA 5525 FirePOWER in HA, in prod, all working etc etc.
With recent WFH, AnyConnect is in place and happily working as expected. However, for some reason I cannot reach one of the networks that sits on a site-to-site VPN; other sites work fine. It's a single hub (HA) with multiple spokes, if that changes anything.
Now, I am forced to use a NAT rule to present outbound traffic as something else; this is due to their lack of response to changing their inbound subnet rules. Anyway, it works fine as expected internally.
I checked the S2S subnets, checked that the network is included in the AnyConnect split tunnel, and created a dedicated NAT rule just for AnyConnect traffic.
ASA packet tracer shows no issues: it hits the NAT rules as expected and forwards the packet as expected, with no rules or anything else blocking it. However, I still can't even get a ping going.
Edit:
Sorted it now. Turns out my NAT rule was misconfigured for this: unlike internal, which had an inside-to-outside NAT, this one needed an outside-to-outside rule, on top of everything else that was now in place.
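For reference, here is what the two NAT rules described above look like side by side on ASA, as an added example rather than the poster's actual config. Object names, addresses and interface names (inside/outside, the AnyConnect pool, the presented NAT address, the partner network) are assumed placeholders; the point is that AnyConnect traffic enters and leaves on the same interface, so it needs an outside-to-outside (hairpin) rule and intra-interface traffic must be permitted.

```cisco
! --- Assumed objects (placeholders, not the original poster's values) ---
object network INSIDE_NET
 subnet 10.10.0.0 255.255.0.0
object network ANYCONNECT_POOL
 subnet 10.200.0.0 255.255.255.0
object network PRESENTED_NAT
 host 192.0.2.10
object network PARTNER_NET
 subnet 172.16.50.0 255.255.255.0

! --- Rule that already worked for internal users: traffic enters on inside,
!     leaves on outside via the S2S tunnel, so the NAT pair is (inside,outside) ---
nat (inside,outside) source dynamic INSIDE_NET PRESENTED_NAT destination static PARTNER_NET PARTNER_NET

! --- Rule needed for AnyConnect users: the client's traffic arrives on outside
!     (decrypted from the RA tunnel) and must go back out on outside into the
!     S2S tunnel, so the interface pair is (outside,outside) ---
same-security-traffic permit intra-interface
nat (outside,outside) source dynamic ANYCONNECT_POOL PRESENTED_NAT destination static PARTNER_NET PARTNER_NET

! --- Check: simulate a ping from an AnyConnect client arriving on outside.
!     The NAT phase should show the (outside,outside) rule being matched and
!     the packet egressing via the outside interface into the S2S tunnel ---
packet-tracer input outside icmp 10.200.0.5 8 0 172.16.50.20
```

The partner side still has to accept the presented address (192.0.2.10 in this example) in its inbound/interesting-traffic rules, exactly as it already does for the internal users, since that is the source the spoke sees.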