Outside VPN traffic not able to ping site-to-site VPN remote site

anyconnect, cisco-asa, site-to-site-vpn, vpn

We have two ASA 5510s, one on 8.4(4) and one on 8.2(5), in a site-to-site VPN setup. All internal traffic is working smoothly.

Site/Subnet A: 192.100.0.0 – local (8.4(4))
Site/Subnet B: 192.200.0.0 – remote (8.2(5))
VPN Users: 192.100.40.0 – assigned by ASA

When you VPN into the network, all traffic hits Site A, and everything on subnet A is accessible.

Site B, however, is completely inaccessible for VPN users. All machines on subnet B, the firewall itself, etc. are not reachable by ping or otherwise.

I downgraded to 8.2 and then went back up to 8.4 on the Site A ASA. Site B is now running 8.2(5).

Thank you very much in advance, and I hope I have been thorough enough.

Best Answer

It's possible you're missing a NAT, but first make sure you've got this line in your config: same-security-traffic permit intra-interface

Cisco's command reference for it is in the ver8.4 Command Ref. It will allow "hairpinning", which is disabled by default. In ASDM, it is located under Configuration -> Device Setup -> Interfaces, at the bottom of the page.

Before you create NATs, you should create objects to reference in the NATs:

object network obj-192.100.0.0
 subnet 192.100.0.0 255.255.255.0
 description Subnet A

object network obj-192.200.0.0
 subnet 192.200.0.0 255.255.255.0
 description Subnet B

object network obj-192.100.40.0
 subnet 192.100.40.0 255.255.255.0
 description Remote Access VPN Users

The NATs from your remote access subnet to your subnet B would be:

nat (outside,outside) source static obj-192.100.40.0 obj-192.100.40.0 destination static obj-192.200.0.0 obj-192.200.0.0
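Putting the answer together end to end, as an added example (not the answerer's or the asker's own config): the Site A side with hairpinning, the objects, the identity NAT, and the crypto ACL entries that the site-to-site tunnel also needs so the VPN pool counts as interesting traffic, plus the mirror image on the 8.2(5) Site B box, which has no network objects or twice NAT. Interface names "inside"/"outside" and the ACL names "outside_cryptomap" and "nonat" are assumed placeholders; substitute the names your crypto maps already reference.

```cisco
! ===== Site A ASA, 8.4(4) (added example; names below are placeholders) =====
! 1. Allow traffic to enter and leave on the same interface (hairpinning).
same-security-traffic permit intra-interface

! 2. Objects referenced by the NAT rule and the crypto ACL.
object network obj-192.100.0.0
 subnet 192.100.0.0 255.255.255.0
 description Subnet A
object network obj-192.200.0.0
 subnet 192.200.0.0 255.255.255.0
 description Subnet B
object network obj-192.100.40.0
 subnet 192.100.40.0 255.255.255.0
 description Remote Access VPN Users

! 3. Identity NAT: VPN users keep their real addresses when hairpinned to
!    Subnet B. no-proxy-arp stops the ASA answering ARP for 192.200.0.0/24;
!    route-lookup makes it use the routing table for the egress interface.
nat (outside,outside) source static obj-192.100.40.0 obj-192.100.40.0 destination static obj-192.200.0.0 obj-192.200.0.0 no-proxy-arp route-lookup

! 4. The tunnel only encrypts what its crypto ACL matches, so the VPN pool
!    must be listed next to Subnet A (assumed ACL name: outside_cryptomap).
access-list outside_cryptomap extended permit ip object obj-192.100.0.0 object obj-192.200.0.0
access-list outside_cryptomap extended permit ip object obj-192.100.40.0 object obj-192.200.0.0

! 5. Check before testing from a client: simulate a ping from the VPN pool.
!    The trace should end with "Action: allow" and the VPN phase listed.
!    packet-tracer input outside icmp 192.100.40.10 8 0 192.200.0.10

! ===== Site B ASA, 8.2(5): mirror image in pre-8.3 syntax =====
! NAT exemption (nat 0) replaces twice NAT; no network objects on 8.2.
access-list nonat extended permit ip 192.200.0.0 255.255.255.0 192.100.0.0 255.255.255.0
access-list nonat extended permit ip 192.200.0.0 255.255.255.0 192.100.40.0 255.255.255.0
nat (inside) 0 access-list nonat

! Crypto ACL must be the exact mirror of Site A's, VPN pool included.
access-list outside_cryptomap extended permit ip 192.200.0.0 255.255.255.0 192.100.0.0 255.255.255.0
access-list outside_cryptomap extended permit ip 192.200.0.0 255.255.255.0 192.100.40.0 255.255.255.0
```

If the packet-tracer drop shows up at the VPN phase rather than at NAT, the mismatch is almost always a crypto ACL that lists Subnet A but not the 192.100.40.0/24 pool on one of the two ends.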