Joined: 03 Oct 2017
Posted: Mon 27 Nov - 15:02 (2017) Post subject: Help: Adding Networks to Encryption Domain
I am seeking help and/or advice in regards to adding more networks to the encryption domain of an existing site to site IPsec tunnel. Both sides of the tunnel are ASAs. The customer on the remote end is wanting access to more networks on my end. They have already updated their crypto map ACL to include the new networks. When they perform "show crypto IPsec sa peer x.x.x.x" it already shows encap packets attempting to reach my network.
On my side, I updated my crypto map ACL to reference the 2 new networks, created the twice NAT, and added the necessary ACLs to allow inbound access via the ports they want. When I perform a "show crypto IPsec sa peer x.x.x.x" the output is NOT updated with the new networks added to the encryption domain. When I run a packet tracer sourcing from one of the servers in the new network, traffic is being translated as it should, but being dropped when it hits the outbound interface to get on the VPN tunnel.
Am I missing something here? Do I need to bounce the tunnel in order for the new networks to be recognized in the SA?
I didn't find the right solution from the Internet.