Hi,
We have a site-to-site VPN with a company who manages our in-house software. They have allowed 5 IP addresses to be able to ping and connect to their SQL server (port 1433) on their end over the VPN tunnel. Their SQL server IP is 192.168.20.10.
We use Cisco ASA.
I have added 4 IPs to the VPN connection profiles.
object-group network DM_INLINE_NETWORK_10
 network-object object 172.24.12.11
 network-object object 172.24.12.12
 network-object object 172.24.12.13
 network-object object 172.24.12.14
object network ExtDev-Subnet-1
 subnet 192.168.20.0 255.255.255.0
access-list outside_cryptomap_1 extended permit ip object-group DM_INLINE_NETWORK_10 object ExtDev-Subnet-1
nat (inside,outside) source static DM_INLINE_NETWORK_10 DM_INLINE_NETWORK_10 destination static ExtDev-Subnet-1 ExtDev-Subnet-1 no-proxy-arp route-lookup
The problem is that one of our hosts, 172.24.12.12, cannot ping or telnet to 192.168.20.10 or their gateway 192.168.20.1. The other 3 hosts have no problem with ping/telnet.
The local firewall on 172.24.12.12 has been disabled. As a test I have temporarily assigned 172.24.12.12 to a Windows 10 client, which also couldn't ping/telnet.
They (192.168.20.0/24) have no problem pinging our 4 servers. I have asked them to check their firewall config and they said all looks good on their end and they think it's something on our end.
How do I troubleshoot this? Any help on this will be much appreciated, thank you.