Remote access VPN traffic not routed correctly into site-to-site VPN tunnel (Cisco ASA)

Network Engineering, Cisco, VPN
2022-02-06 00:46:59

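We have two ASA 5505s. One accepts remote connections from clients coming into our office, and the other has a tunnel from our office to AWS.

In the attached diagram, the red lines show the ping paths. I am able to ping from a VPN client all the way to the AWS-VPN ASA. I am also able to ping from an AWS instance all the way to the remote access VPN ASA. But I can't seem to get through those firewalls into the VPN tunnels/clients they support.

I have attached the routing table of each ASA.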


ASA-01

Gateway of last resort is x.58.107.57 to network 0.0.0.0

S*    0.0.0.0 0.0.0.0 [1/0] via x.58.107.57, OUTSIDE
C        x.58.107.56 255.255.255.252 is directly connected, OUTSIDE
L        x.58.107.58 255.255.255.255 is directly connected, OUTSIDE
C        172.16.0.0 255.255.252.0 is directly connected, COMPUTE
L        172.16.0.1 255.255.255.255 is directly connected, COMPUTE
C        172.16.8.0 255.255.254.0 is directly connected, GUEST
L        172.16.8.1 255.255.255.255 is directly connected, GUEST
C        172.16.10.0 255.255.254.0 is directly connected, TRUSTED
L        172.16.10.1 255.255.255.255 is directly connected, TRUSTED
C        172.16.12.0 255.255.254.0 is directly connected, DMZ
L        172.16.12.1 255.255.255.255 is directly connected, DMZ
S     172.30.0.0 255.255.0.0 [1/0] via 172.16.0.2, COMPUTE
C        192.168.255.0 255.255.255.0 is directly connected, INFERNO
L        192.168.255.1 255.255.255.255 is directly connected, INFERNO

ASA-02

Gateway of last resort is x.142.10.213 to network 0.0.0.0

S*    0.0.0.0 0.0.0.0 [1/0] via x.142.10.213, OUTSIDE-PHONES
C        x.142.10.212 255.255.255.252 is directly connected, OUTSIDE-PHONES
L        x.142.10.214 255.255.255.255 is directly connected, OUTSIDE-PHONES
C        172.16.0.0 255.255.252.0 is directly connected, COMPUTE
L        172.16.0.2 255.255.255.255 is directly connected, COMPUTE
S        172.16.4.0 255.255.255.0 [1/0] via 172.16.0.1, COMPUTE
C        172.16.60.0 255.255.254.0 is directly connected, PHONES
L        172.16.60.1 255.255.255.255 is directly connected, PHONES
S     172.30.0.0 255.255.0.0 [1/0] via x.142.10.213, OUTSIDE-PHONES

1 Answer

I had misconfigured the local route on my test laptop...

Oops.
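
As an added example (not part of the original question or answer): a longest-prefix-match lookup over route lines copied from the two tables above, which shows that the ASAs hand traffic to each other over COMPUTE in both directions. It assumes 172.30.0.0/16 is the AWS side and 172.16.4.0/24 is the remote-access client pool, which the page does not state; the looked-up addresses are constructed.

```python
import ipaddress
import re

# Route lines copied from the question (public octets are masked as "x" there).
ASA_01 = """\
S*    0.0.0.0 0.0.0.0 [1/0] via x.58.107.57, OUTSIDE
C        172.16.0.0 255.255.252.0 is directly connected, COMPUTE
S     172.30.0.0 255.255.0.0 [1/0] via 172.16.0.2, COMPUTE
"""
ASA_02 = """\
S*    0.0.0.0 0.0.0.0 [1/0] via x.142.10.213, OUTSIDE-PHONES
C        172.16.0.0 255.255.252.0 is directly connected, COMPUTE
S        172.16.4.0 255.255.255.0 [1/0] via 172.16.0.1, COMPUTE
S     172.30.0.0 255.255.0.0 [1/0] via x.142.10.213, OUTSIDE-PHONES
"""

ROUTE_RE = re.compile(
    r"^(?P<code>\S+)\s+(?P<net>\S+) (?P<mask>\S+) "
    r"(?:\[\d+/\d+\] via (?P<hop>\S+)|is directly connected), (?P<ifc>\S+)$"
)

def parse_routes(text):
    """Turn 'show route' lines into (network, next_hop, interface) tuples."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if not m:
            continue
        try:
            net = ipaddress.ip_network(f"{m['net']}/{m['mask']}")
        except ValueError:
            continue  # a masked prefix such as "x.58.107.56" cannot be matched
        routes.append((net, m["hop"], m["ifc"]))  # hop is None when connected
    return routes

def lookup(routes, dest):
    """Longest-prefix match: return (prefix, next_hop, interface) or None."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr in r[0]]
    if not hits:
        return None
    net, hop, ifc = max(hits, key=lambda r: r[0].prefixlen)
    return (str(net), hop, ifc)
```

With forward and return routes present on both firewalls, the next place to check is the client's own routing table, which is where the answer located the fault.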