I found this problem very interesting today. Take a look at the packet captures below. The first capture image is traffic going across a VPN to a test remote site. The second capture image is traffic coming back to the main site. We were NAT'ing this traffic to a public IP address, and sending from an internal IP of 10.15.1.46. Notice that when the ICMP packet returns, it is destined back to a different address (10.15.1.6). It's very interesting.
Packet going across to remote site:
Traffic coming back across the VPN to the main site:
So, what caused this? Well, I thought it was some NAT issue, but as it turned out, I needed to add a statement under the global policy.
policy-map global_policy
 class inspection_default
  inspect icmp
Once I put the 'inspect icmp' command in, the NAT came back correct. However, as it turns out, the regular data did NAT appropriately.