Hello, I'm new to site-to-site IPsec VPN and also to the ASA 5505 firewall.

My site-to-site IPsec VPN tunnel is established between SiteA and SiteB, and I can ping an IP behind the firewall.

Now I need to

Site A is VPN one end
Site B is VPN other end
Site C is VPN other end
IP1 is located outside of Site B.

SiteA -----------------------------------> SiteB --------------------------------> SiteC
            Site to Site VPN                          Site to Site VPN

Which means SiteB has two IPsec VPN configs.

Now I want that if Site A accesses IP1, it goes over the VPN, and Site B's firewall should NAT Site A's LAN IP to its outside interface address (PAT overload) and reach IP1.

I'm trying to do this but with no success. I have a log on the firewall. I just sanitized the IP addresses to the names above:

%ASA-4-402116: IPSEC: Received an ESP packet (SPI= 0x05673803, sequence number= 0x75) from "SiteA Public IP" (user= "SiteA Public IP") to "SiteB Public IP". The decapsulated inner packet doesn't match the negotiated policy in the SA. The packet specifies its destination as "IP1", its source as "SiteA Local IP", and its protocol as 6. The SA specifies its local proxy as "SiteC Local Subnet"/0/0 and its remote_proxy as "SiteA Local subnet" /0/0.

What is the problem?

Thank you.

_______________________________________________
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/