Below is my scenario.
I have an ASA at one end and an SG300 at the other.
Trying to get an IPSec tunnel going.
The tunnel comes up but the traffic between the tunnel is not being routed.
Checked everything at the ASA end and it seems fine (as the tunnel is up).
When I ping from the LAN side of the ASA to the LAN side of the SG300, the logs on the ASA clearly indicate the packet coming back to the ASA from the SG300 is being NATed to the public IP of the SG300 rather than being exempted, and the packet is dropped by the ASA.
How do I explicitly specify that the IPSec traffic on the SG300 should be exempted from NATing?
In Cisco I can do NAT exemption, but damn SG300, whereabouts is it? Should I uncheck masquerading? If I do, all traffic will die from the SG300 LAN!
Please help ASAP!
It sounds like you have selected the Phase 2 Settings option Local Network = Local Endpoint (Masqueraded Access), whereas you should probably have Local Network = Network of Switch A or similar.