Posted by GNY on August 5, 2007, 3:43 pm
> On Sun, 05 Aug 2007 15:24:02 -0000, GNY wrote:
> > Hello..
>
> > I have a LAN-to-LAN tunnel between 2 sites. Let's say the internal
> > networks are 10.10.70.0/24 and 10.10.80.0/24. All hosts on each side
> > can talk, ping, connect and everything with one another. However I
> > can't get to the router inside interfaces where each LAN lives.
>
> > So from a host on 10.10.70.0/24 I can't get to 10.10.80.1 .. and vice
> > versa (10.10.80.0/24 --> 10.10.70.1).. These are both ASA devices. I'm
> > thinking this has to do directly with the ASA interface security, but
> > I can't figure it out.
>
> > All NAT rules, and IP traffic is allowed between these LANs. There
> > shouldn't be any reason, but again I think it has to do with security.
> > Any help is appreciated!
>
> > GNY
>
> This is quite normal with Pix/ASA. Traffic that enters on one interface must
> exit another and so you won't be able to access the LAN interface on the
> remote device as that would require hairpinning the traffic which the ASA
> will not do. It's the same reason that with a Pix/ASA on the LAN, you can
> ping the LAN interface (nearest to you) but not the WAN interface.
>
> Chris.
Chris,
Good to see you again :-)
Thanks for the info.. I guess I'm out of luck then. I was hoping to
store some configs using tftp on a server on the other side of the
tunnel from the client box. So I guess I'll have to store them locally
on a server or allow the tftp traffic from the client to the outside
interface and dump it over the outside interface on the remote side
also (Static NAT)... Yuck!
See any other solutions?
Thanks again Chris!
GNY