Monday, November 29, 2021

Cisco (mostly) blocking second gateway on network

Hello.

We have set up a site-to-site VPN using Softether VPN.

Here we have 2 networks:

Datacenter: 10.0.80.0/24

Customer: 192.168.1.0/24

VPN gateway at datacenter is at 10.0.80.254

Customer VPN gateway is at 192.168.1.254

Routers at both locations have a static route added:

Datacenter: 192.168.1.0/24 -> 10.0.80.254

Customer: 10.0.80.0/24 -> 192.168.1.254

So here is the kicker.

We can ping from customer to datacenter through the link, but we cannot ping from the datacenter to our customer. So ICMP can be initiated one way. But no TCP or UDP is allowed.

In the logs from the Cisco ASDM we see:

Denied ICMP type=0, from laddr 192.168.1.10 on interface inside to 10.0.80.6: no matching session

I have tried to run: same-security-traffic permit intra-interface, but no change.

AND, if we just add the routes manually on a computer at the customer's location, everything just works. And since ping works one way, there is just something in the firewall, or ACL, or wherever Cisco hides this stuff, and no error in the VPN gateway or routes.

Thanks in advance anyone who can help :)
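As an added illustration (not part of the original post), here is a toy Python model of stateful session tracking along the paths described above. It assumes the customer's Cisco is the hosts' default gateway and hairpins requests out to the VPN gateway on the same interface, that the VPN gateway delivers tunnel traffic straight onto the LAN, and it simplifies the ASA's inspection to ICMP request/reply matching only.

```python
# Toy model of the asymmetric-routing case from the post (added example,
# not the poster's or Cisco's code). Addresses are the post's; the session
# logic is a simplified stand-in for the ASA's "no matching session" check.
from dataclasses import dataclass, field

CUSTOMER_HOST = "192.168.1.10"
DC_HOST = "10.0.80.6"

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    icmp_type: int  # 8 = echo request, 0 = echo reply

@dataclass
class StatefulFirewall:
    """A reply is forwarded only if the matching request was seen."""
    sessions: set = field(default_factory=set)
    log: list = field(default_factory=list)

    def forward(self, pkt: Packet) -> bool:
        if pkt.icmp_type == 8:                    # request opens a session
            self.sessions.add((pkt.src, pkt.dst))
            return True
        if (pkt.dst, pkt.src) in self.sessions:   # reply matches a request
            return True
        self.log.append(f"Denied ICMP type={pkt.icmp_type}, from laddr {pkt.src} "
                        f"on interface inside to {pkt.dst}: no matching session")
        return False

def ping(src, dst, request_hops, reply_hops):
    """Firewalls traversed by the request and by the reply, in order.
    Returns True only if both directions are forwarded."""
    req, rep = Packet(src, dst, 8), Packet(dst, src, 0)
    ok = all(fw.forward(req) for fw in request_hops)
    return ok and all(fw.forward(rep) for fw in reply_hops)

def scenario_customer_pings_datacenter():
    asa = StatefulFirewall()
    # Request: host -> default gateway (ASA) -> static route -> VPN gateway.
    # Reply: arrives via the VPN gateway straight onto the LAN, skipping the ASA.
    return ping(CUSTOMER_HOST, DC_HOST, [asa], []), asa.log

def scenario_datacenter_pings_customer():
    asa = StatefulFirewall()
    # Request: delivered by the VPN gateway directly, never seen by the ASA.
    # Reply: host sends it to its default gateway (ASA), which has no session.
    return ping(DC_HOST, CUSTOMER_HOST, [], [asa]), asa.log

def scenario_host_route_on_customer_pc():
    asa = StatefulFirewall()
    # Static route on the PC itself: both directions use the VPN gateway.
    return ping(DC_HOST, CUSTOMER_HOST, [], []), asa.log
```

Running the three scenarios reproduces the post's observations: the second one fails and leaves exactly the ASDM-style denial line in the log, while the first and third succeed.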
