Post relevant sanitized phase2 configurations.
Mainly your ACLs.
On Oct 12, 2016 04:37, "Tseveendorj Ochirlantuu" <tseveend...@gmail.com>
> I'm new to site-to-site IPsec VPN and also to the ASA 5505 firewall.
> My site-to-site IPsec VPN tunnel is established between SiteA and SiteB, and
> I can ping an IP behind the firewall. Now I need to
> Site A is one end of the VPN
> Site B is the other end of the VPN
> Site C is the other end of the VPN
> IP1 is located outside of Site B.
> SiteA -----------------------------------> SiteB --------------------------------> SiteC
>             Site to Site VPN                            Site to Site
> Which means SiteB has two IPsec VPN configs.
> Now I want traffic from Site A to IP1 to go over the VPN, and Site B's
> firewall should NAT Site A's LAN IP to its outside interface address (PAT
> overload) and reach IP1.
> I'm trying to do this but with no success. I have a log from the firewall. I
> just sanitized the IP addresses to the names above.
> %ASA-4-402116: IPSEC: Received an ESP packet (SPI= 0x05673803, sequence
> number= 0x75) from "SiteA Public IP" (user= "SiteA Public IP") to "SiteB
> Public IP". The decapsulated inner packet doesn't match the negotiated
> policy in the SA. The packet specifies its destination as "IP1", its
> source as "SiteA Local IP", and its protocol as 6. The SA specifies its
> local proxy as "SiteC Local Subnet"/0/0 and its remote_proxy as "SiteA
> Local subnet" /0/0.
> What is the problem? Thank you.
> cisco-nsp mailing list firstname.lastname@example.org
> archive at http://puck.nether.net/pipermail/cisco-nsp/
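Added example, not part of the thread: a parser for the %ASA-4-402116 message quoted above that reports which inner address falls outside the SA's proxy identities. The sample addresses are constructed, and the address/netmask/protocol/port layout of the unsanitized proxy fields is an assumption.

```python
import ipaddress
import re

# Constructed sample in the shape of the sanitized log in the post; every
# address is a documentation or private range chosen for this example.
SAMPLE = (
    "%ASA-4-402116: IPSEC: Received an ESP packet (SPI= 0x05673803, sequence "
    "number= 0x75) from 198.51.100.1 (user= 198.51.100.1) to 203.0.113.1. "
    "The decapsulated inner packet doesn't match the negotiated policy in the "
    "SA. The packet specifies its destination as 192.0.2.50, its source as "
    "10.10.0.25, and its protocol as 6. The SA specifies its local proxy as "
    "10.30.0.0/255.255.255.0/0/0 and its remote_proxy as "
    "10.10.0.0/255.255.255.0/0/0."
)

# Assumption: proxies are logged as address/netmask/protocol/port.
PATTERN = re.compile(
    r"destination as (?P<dst>[\d.]+), its source as (?P<src>[\d.]+), and its "
    r"protocol as (?P<proto>\d+)\. The SA specifies its local proxy as "
    r"(?P<laddr>[\d.]+)/(?P<lmask>[\d.]+)/\d+/\d+ and its remote[_ ]proxy as "
    r"(?P<raddr>[\d.]+)/(?P<rmask>[\d.]+)/\d+/\d+"
)


def explain_402116(line):
    """Compare the inner packet's addresses with the SA's proxy identities."""
    m = PATTERN.search(" ".join(line.split()))  # tolerate wrapped log lines
    if m is None:
        raise ValueError("not a recognizable 402116 message")
    local = ipaddress.ip_network(f"{m['laddr']}/{m['lmask']}")
    remote = ipaddress.ip_network(f"{m['raddr']}/{m['rmask']}")
    src = ipaddress.ip_address(m["src"])
    dst = ipaddress.ip_address(m["dst"])
    return {
        "src": str(src), "dst": str(dst), "protocol": int(m["proto"]),
        "local_proxy": str(local), "remote_proxy": str(remote),
        # The peer's source must sit inside the SA's remote proxy ...
        "src_in_remote_proxy": src in remote,
        # ... and the destination inside the SA's local proxy.
        "dst_in_local_proxy": dst in local,
    }


if __name__ == "__main__":
    for key, value in explain_402116(SAMPLE).items():
        print(f"{key}: {value}")
```

A false `dst_in_local_proxy` means the packet arrived on an SA that was not negotiated for that destination, so the crypto ACLs on the two peers are the place to look.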