VPN connectivity issues between Digirouter and Cisco

Hi friends. I’ve been going around in circles with this one for a few days but I’m hoping someone will be able to tell me where I’m going wrong. I’ve provided a fairly basic overview but hopefully you’ll come across this issue in your careers/experiences.

Company A and Company B need to be able to have two way communication with each other via a Cisco ASA firewall in an external Data Centre. We have an IPSEC tunnel between Company A and the ASA and another tunnel between Company B and the ASA. HQ also talks to the ASA. Encryption settings have been checked and verified at each point.

The Problem

Company A can ping HQ & ASA. The ASA can ping Company B
Company B can ping HQ & ASA. The ASA can ping Company A
Company A can ping Company B
HQ can ping Company A & Company B

The problem is that Company B cannot ping Company A

I’ve checked the VPN settings (this can be provided) and all seems to be ok. Is there any bit of configuration on the Digirouter that would block VPN traffic. What seems to be happening is that Company B is sending traffic via the ASA but the Digirouter does not know how to handle it.

Any assistance would be greatly appreciated.



the main thing is

  1. on digi is the remote network/mask is big enough to cover the network address of all the networks involved.
  2. trace to packets to see at what point the packets are dropped / lost

from company B are the packets seen entering the tunnel to the asa
are the packets getting to the asa
at company A are the packets arring out of the tunnel and with the correct source address
are the packets hitting the target device
are the return packets hitting the router to the asa

this would the give you tha failure point

is there any Natting going on in the routers or the ASA are the acl lists wrong size

thats where i would start



1 Like

Thanks Very much James. I will spend some time following your tips and will feedback on completion. Thanks for your time.