Wednesday 7 September 2022

Can't ping SVI interface on remote switch across S2S VPN

Had an issue where I could ping the vlan1 (LAN) SVI but not the vlan146 (VOICE) SVI.

The setup was

LAN client -> L2 VL1 -> L3 SVI VL1 -> Inside ASA -> S2S VPN -> HQ

Phone client -> L2 VL146 -> L3 SVI VL146 -> L3 SVI 1 -> Inside ASA -> S2S VPN -> HQ -> Phone server


I found some messed-up NATs.


Removed the global dynamic NAT:

object network obj_any
 nat (any,outside) dynamic interface


The NoNat rule had a missing object in the destination:

nat (voice,outside) source static obj-10.60.146.0 obj-10.60.146.0 destination static HQ-NET HQ-NETS no-proxy-arp route-lookup


Also needed this NAT on the INSIDE with the 146 networks to ping the SVI. This is because the route to the HQ network is through the inside interface of the ASA.

nat (inside,outside) source static obj-10.60.146.0 obj-10.60.146.0 destination static HQ-NET HQ-NETS no-proxy-arp route-lookup
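An added example (not from the original post): a small Python audit of ASA NAT lines that lists which ingress interfaces hold an identity (NoNat) rule for a source object and flags object NAT "dynamic interface" rules sourced from any, the kind of rule removed above. The sample config is constructed from the lines quoted in this post; the function names and the expected mapping are assumptions for illustration.

```python
import re

# Constructed sample: the NAT lines quoted in the post, before the inside rule was added.
SAMPLE_CONFIG = """\
object network obj_any
 nat (any,outside) dynamic interface
nat (voice,outside) source static obj-10.60.146.0 obj-10.60.146.0 destination static HQ-NET HQ-NETS no-proxy-arp route-lookup
"""

# Manual (twice) NAT lines start in column 0; object NAT lines are indented under the object.
TWICE_NAT = re.compile(r"^nat \((?P<src_if>[^,]+),[^)]+\) source static (?P<real>\S+) (?P<mapped>\S+)")
OBJECT_NAT = re.compile(r"^\s+nat \((?P<src_if>[^,]+),[^)]+\) dynamic interface")

def exempt_interfaces(config):
    """Map each identity-NAT'd source object to the ingress interfaces that exempt it."""
    found = {}
    for line in config.splitlines():
        m = TWICE_NAT.match(line)
        if m and m["real"] == m["mapped"]:  # real == mapped means no translation
            found.setdefault(m["real"], set()).add(m["src_if"])
    return found

def any_dynamic_pat(config):
    """Return (object, rule) pairs for 'dynamic interface' object NAT sourced from 'any'."""
    hits, current = [], None
    for line in config.splitlines():
        if line.startswith("object network "):
            current = line.split()[2]
            continue
        m = OBJECT_NAT.match(line)
        if m and m["src_if"] == "any":
            hits.append((current, line.strip()))
    return hits

def missing_exemptions(config, expected):
    """expected (assumed input): {source object: ingress interfaces its VPN traffic uses}."""
    have = exempt_interfaces(config)
    gaps = {}
    for obj, interfaces in expected.items():
        absent = interfaces - have.get(obj, set())
        if absent:
            gaps[obj] = sorted(absent)
    return gaps

if __name__ == "__main__":
    # Per the post, the 146 network needs the exemption on both voice and inside.
    print(any_dynamic_pat(SAMPLE_CONFIG))
    print(missing_exemptions(SAMPLE_CONFIG, {"obj-10.60.146.0": {"voice", "inside"}}))
```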


