Hi,
You have three devices:
Device 1: CISCO ASA 5515 (192.168.1.0/24)
Device 2: RUT955 (192.168.11.0/24)
Device 3: unknown device (192.168.5.0/24)
In order to ping 192.168.5.0/24 from 192.168.1.0/24, you need to add:
- an additional remote network on Device 1 (CISCO) IPsec config:
  - 192.168.5.0/24
  - 192.168.11.0/24
- an additional local network on Device 2 (RUT955) IPsec config:
  - 192.168.5.0/24
  - 192.168.11.0/24
In order for 192.168.1.0/24 to ping 192.168.5.0/24 you need a route to 192.168.5.0/24 from 192.168.11.0/24. Log in to the router's WebUI and go to the Network → Routing → Static Routes section and add a route to:
- Table: MAIN
- Destination: 192.168.5.0/24
- Netmask: 255.255.255.0
- Gateway: Device 3 IP address
Finally, you need to add a firewall rule to the FORWARD chain of Device 3 in order to be able to ping the network behind it. Unfortunately, I don't know how to configure firewall rules on Device 3 (CISCO?). But the basic idea is that you need to allow traffic on Device 3 FORWARD chain that is:
- originating from 192.168.1.0/24
- destined to 192.168.5.0/24
An iptables analogue would look like this:
iptables -I FORWARD -i eth1 -s 192.168.1.0/24 -d 192.168.5.0/24 -j ACCEPT
To reach 192.168.5.0/24 from 192.168.11.0/24 (RUT955), create an identical rule, but swap 192.168.1.0/24 with 192.168.11.0/24.
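
The steps above only work if the networks entered on both IPsec ends mirror each other and the RUT955 has a route for every network it offers through the tunnel. The following check is an added example, not part of the original post; it assumes the Cisco side's local network is 192.168.1.0/24 and the RUT955's remote network is the same, and all function and variable names are hypothetical.

```python
import ipaddress

def _nets(cidrs):
    # Parse CIDR strings into a set of network objects.
    return {ipaddress.ip_network(c) for c in cidrs}

def selector_problems(a_local, a_remote, b_local, b_remote):
    """Compare both ends' IPsec networks; an empty list means they mirror."""
    a_local, a_remote, b_local, b_remote = map(
        _nets, (a_local, a_remote, b_local, b_remote))
    problems = []
    for n in sorted(a_remote - b_local):
        problems.append(f"{n}: remote on A, not local on B")
    for n in sorted(b_local - a_remote):
        problems.append(f"{n}: local on B, not remote on A")
    for n in sorted(a_local - b_remote):
        problems.append(f"{n}: local on A, not remote on B")
    for n in sorted(b_remote - a_local):
        problems.append(f"{n}: remote on B, not local on A")
    # Overlapping local and remote ranges on one end break routing.
    for loc in sorted(a_local):
        for rem in sorted(a_remote):
            if loc.overlaps(rem):
                problems.append(f"{loc} overlaps {rem} on A")
    return problems

def unrouted(local_nets, attached, static_routes):
    """Offered local networks with no attached interface or static route."""
    reachable = _nets(attached) | _nets(static_routes)
    return [str(n) for n in sorted(_nets(local_nets))
            if not any(n.subnet_of(r) for r in reachable)]

# Values from the post, plus the two assumed ones named in the lead-in.
CISCO_LOCAL = ["192.168.1.0/24"]                       # assumed
CISCO_REMOTE = ["192.168.5.0/24", "192.168.11.0/24"]
RUT_LOCAL = ["192.168.5.0/24", "192.168.11.0/24"]
RUT_REMOTE = ["192.168.1.0/24"]                        # assumed
RUT_ATTACHED = ["192.168.11.0/24"]
RUT_STATIC = ["192.168.5.0/24"]                        # via Device 3

if __name__ == "__main__":
    print(selector_problems(CISCO_LOCAL, CISCO_REMOTE, RUT_LOCAL, RUT_REMOTE))
    print(unrouted(RUT_LOCAL, RUT_ATTACHED, RUT_STATIC))
```
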