Hi,
I have the following issue:
ASA cluster ----- Internet ----- SSG140 (single)
10.10.0.0/16---------------------- 10.10.10.0/24
A route-based VPN is configured, the SA is up and running on both sides, and debug shows traffic goes into the tunnel and the policy is hit, but there is no response from the ASAs.
I have to configure the proxy IDs in the SSG, else the SA does not turn active.
If the ACL on the Cisco side is changed to (ex) 10.10.20.0/24 to 10.10.10.0/24, these proxy IDs are accepted and a policy-based VPN works fine.
However, when the ACL on the Cisco side is changed to 10.10.0.0/16 to 10.10.10.0/24, the advertised proxy IDs are the remote IP addresses from both ASA and SSG.
The SSG is running 6.2.0.5r0, the ASAs are running 7.2.2.
Any suggestions to fix/troubleshoot this?
Thanks
Paul