SD- Branch

Bit of a newbie on airheads so forgive me if not the right community.

In my setup I have branch gateway connecting to the Internet. I have LAN "A" on the LAN side which has a LAN "B" behind it connected with a router "AB". BGW has a static route to B via router AB.

Hosts on LAN A get an IP-address from the BGW with it as the default gateway. I can connect to the Internet from A and B, no problem.

My problem: When a host in B wants to connect to a host in A it fails. I can see the connection request on Host A come in via router AB and the reply being sent back via the BGW (it's Def-GW), but the rest is silence. The BGW doesn't seem to route or redirect the traffic. Weird thing is that when Host A initiates the connection to a host in B it works fine. Also, any host in B can connect to the BGW (and the Internet fine)

Is this a routing or an ACL issue? Where to look and what to test?

Do you see ICMP Redirect messages anywhere (from the title of your post)?

Bit of a newbie on airheads so forgive me if not the right community.

In my setup I have branch gateway connecting to the Internet. I have LAN "A" on the LAN side which has a LAN "B" behind it connected with a router "AB". BGW has a static route to B via router AB.

Hosts on LAN A get an IP-address from the BGW with it as the default gateway. I can connect to the Internet from A and B, no problem.

My problem: When a host in B wants to connect to a host in A it fails. I can see the connection request on Host A come in via router AB and the reply being sent back via the BGW (it's Def-GW), but the rest is silence. The BGW doesn't seem to route or redirect the traffic. Weird thing is that when Host A initiates the connection to a host in B it works fine. Also, any host in B can connect to the BGW (and the Internet fine)

Is this a routing or an ACL issue? Where to look and what to test?

Did some more investigation. As said, Ping B to A is not working. Packet capture on A showed requests coming via the router AB interface and replies being sent to the LAN port of the BGW.

Ping A to B is working. Requests get sent to the LAN-interface of the BGW and replies from B come back in via the BGW LAN-interface (🤔), so I also captured on the router AB. That showed that the requests have both the source MAC and IP-Address of the BGW (!) which points to NAT happening on the LAN interface of the BGW. Re-examining the config on Central I noticed "NAT outside" was ticked on the LAN side VLAN. 

I unticked it and tested again. It fixed the issue.

The capture on host A is the same as when Ping B>A failed. Request comes in from Router AB and reply sent to BGW, but the capture on router AB shows IP-Host A as the source and MAC-LAN BGW. Ideally an ICMP redirect should point Host A to router AB, but I can live with the BGW in the path. A traceroute A > B shows 2 hops whereas the traceroute B>A shows only 1 hop. 

What does "NAT outside" do? 

Do you see ICMP Redirect messages anywhere (from the title of your post)?

Bit of a newbie on airheads so forgive me if not the right community.

In my setup I have branch gateway connecting to the Internet. I have LAN "A" on the LAN side which has a LAN "B" behind it connected with a router "AB". BGW has a static route to B via router AB.

Hosts on LAN A get an IP-address from the BGW with it as the default gateway. I can connect to the Internet from A and B, no problem.

My problem: When a host in B wants to connect to a host in A it fails. I can see the connection request on Host A come in via router AB and the reply being sent back via the BGW (it's Def-GW), but the rest is silence. The BGW doesn't seem to route or redirect the traffic. Weird thing is that when Host A initiates the connection to a host in B it works fine. Also, any host in B can connect to the BGW (and the Internet fine)

Is this a routing or an ACL issue? Where to look and what to test?