Cisco L2L VPN

Good day All,
I have a slight problem that I am trying to resolve. I have an ASA which is being used to provide VPN. The existing config has remote access tunnels authenticated via digital certificate and a LAN-to-LAN tunnel, which are being terminated on the internal interface of the ASA. I now need to create a DMZ interface that will also be the terminating interface for another L2L tunnel. My problem is that the tunnel is established for the DMZ and I can see data being transmitted and received when I look at the VPN tunnels under monitor; however, I can't ping devices across the tunnel between the DMZ and the remote site. Please find attached the config on the device and a drawing with the logical setup.
VPN-.pdf
Banshee-config-for-cisco.rtf
operationsbzeAsked:
operationsbzeAuthor Commented:
Lots of views but no responses.
rauenpcCommented:
access-list Outside_nat0_outbound extended permit ip 172.28.1.0 255.255.255.0 object-group Maskall-RTAC

The above shouldn't be needed, and could possibly be causing your problem if this affects the rpf check. You should only need the nat 0 on the "inside" interface which for this scenario is Systemplanning.

Also, you have nat-t disabled on that crypto map. Although this isn't necessarily a problem, just make sure that's what you really want.

This is tough to troubleshoot because you can only use packet-tracer one direction. Would you be able to post the packet-tracer output for traffic going from Systemplanning to RTAC?
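The change rauenpc describes (identity NAT only on the inside-facing interface, then packet-tracer to confirm the path), written out as an added example in pre-8.3 ASA syntax; this is not configuration from the thread or its attachments. The interface name Systemplanning and the 172.28.1.0/24 network come from the thread; the remote LAN 192.0.2.0/24, the hosts 172.28.1.10 and 192.0.2.10, and the ACL name Systemplanning_nat0_outbound are placeholders.

```cisco
! Added example, not the poster's config. 192.0.2.0/24 stands in for the
! remote (RTAC) LAN; substitute the real subnet from the crypto ACL.

! NAT exemption (nat 0) belongs on the interface the protected hosts sit
! behind, Systemplanning here, so tunnel traffic is not translated.
access-list Systemplanning_nat0_outbound extended permit ip 172.28.1.0 255.255.255.0 192.0.2.0 255.255.255.0
nat (Systemplanning) 0 access-list Systemplanning_nat0_outbound

! The matching entry on the outside interface is not needed for this
! traffic and can interfere with reverse-path checks; remove it.
no access-list Outside_nat0_outbound extended permit ip 172.28.1.0 255.255.255.0 object-group Maskall-RTAC

! Simulate an ICMP echo (type 8, code 0) from a Systemplanning host to a
! remote host. Each phase (ROUTE-LOOKUP, ACCESS-LIST, NAT-EXEMPT, VPN
! encrypt) should report ALLOW and the final Action should be "allow".
packet-tracer input Systemplanning icmp 172.28.1.10 8 0 192.0.2.10 detailed
```

If the trace drops in the VPN phase, the flow is not matching the crypto ACL for the DMZ tunnel; if it drops in NAT, the exemption above is not matching the packet.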
operationsbzeAuthor Commented:
Thanks for the response Rauenpc. I've tried the tunnel without that ACL entry and it didn't make a difference, but I will remove it just to be on the safe side. I had to disable NAT-T because the tunnel refused to come up if I enabled that functionality. I am trying to connect a Cisco ASA and an OnCell 3150, but it doesn't seem to be going my way at the moment.
operationsbzeAuthor Commented:
OK, found the issue. The configuration was correct; however, the remote device is running off an Edge network that is very slow and giving a lot of retransmissions, 4 for every legitimate packet, so it is basically unusable.
operationsbzeAuthor Commented:
Because no other user provided a solution that worked, I had to do the research on my own to find the problem.