07-19-2007 10:40 PM
We have a remote site with only 1 public IP address. This has been assigned to the outside interface on the router and that redirects traffic on a port by port basis to the ASA 5510 firewall.
I have created an L2L VPN from a Symantec security firewall to the ASA firewall; however, I have used the public IP address of the router as one peer address and the Symantec firewall as the other peer address. Then I am port redirecting 50 & 51 for IKE and port 500 IPSEC on the router to the ASA device.
However, we can't see a tunnel - can someone please offer any advice on what else I need to do to get the tunnel working?
nat (Internal) 0 access-list Internal_nat0_outbound
access-list Internal_nat0_outbound extended permit ip Internal-Network 255.255.255.0 X.X.X.X 255.255.255.0
access-list External_cryptomap_20 extended permit ip Internal-Network 255.255.255.0 X.X.X.x 255.255.255.0
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map External_map 20 match address External_cryptomap_20
crypto map External_map 20 set peer X.X.X.X of remote firewall
crypto map External_map 20 set transform-set ESP-3DES-SHA
crypto map External_map interface External
isakmp enable External
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 1
isakmp policy 10 lifetime 86400
tunnel-group X.X.X.X of remote firewall type ipsec-l2l
tunnel-group X.X.X.X of remote firewall ipsec-attributes
pre-shared-key
07-25-2007 01:45 PM
If there is no indication that an IPSec VPN tunnel comes up at all, it possibly is due to the fact that ISAKMP has not been enabled. Be sure that you have enabled ISAKMP on your devices.
07-25-2007 08:11 PM
Run debug crypto ipsec and isakmp. Do you see the tunnel trying to set up?
07-26-2007 09:11 AM
Run the commands,
deb cry isa 200
deb cry ipsec 200
on the ASA and send the output. We can check to see where the problem might be.
Thanks
Gilbert